jerolola

Members
  • Content count

    5
  • Joined

  • Last visited

Everything posted by jerolola

  1. There, everything is done, here is the link, I hope it is good: © CJoint.com, 2010. Can I delete all the programs I used, or do I have to keep them? :super: :super:
  2. No, but do you still see malicious programs in the reports? I removed TeaTimer, but as for the rest I know nothing about it :super:
  3. Thanks, it is gone, I no longer have it. A big thank-you for everything, super :super: :super: Why do I have to run the last 2 programs? Because I ran Spybot, but as it is gone... Thanks again.
  4. There, I have done everything that was listed; here are the reports: report 1, report 2, report 3, report 4 (after deletion). Thanks.
  5. Hello everyone, I am new to the forum and will quickly explain my problem. When I launch Firefox, there is no problem browsing, but when I quit it, I notice that the process relaunches in the background. When I quit this new process, it shows me a small window (c/programfile /system32/temp/ crackRAZOR-1911.exe 358682CA.pf in the description, but I search for it afterwards and cannot find it), and then I have to close, 4 to 5 times, the window that tells me Firefox was not closed properly, and so the Firefox process relaunches... I read the message from the other forum member, so I also ran an analysis with HijackThis. I am posting a HijackThis report. Thanks in advance. And in this program I see it in 04. Thanks again in advance.