verification banal

voici le post hijack d'un ami
je veux just verifier si tout va bien!!!

Logfile of HijackThis v1.99.1
Scan saved at 14:24:08, on 2007-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mexico\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [tick date] C:\DOCUME~1\Mexico\APPLIC~1\GLUEDE~1\moveisoerror.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?6341b1f424ce4840880da06f9ae17970
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?6341b1f424ce4840880da06f9ae17970
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/games/hamsterball/en/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/24462a5ebfbcae261a22/netzip/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140821553734
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

merci d'avance de vos repoonse les amhis!!

bonsoir AMHi ding115,
Même si ce sont plus des lignes inutiles que polluées, fixe les lignes suivantes:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O4 - HKCU\..\Run: [tick date] C:\DOCUME~1\Mexico\APPLIC~1\GLUEDE~1\moveisoerror.exe
O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
Tiens-nous au courant
AMHicalement

bonjour
as tu des pubs intempestives genre CID ou LOP?
car cette ligne est symptômatique d'une infection de ce genre
O4 - HKCU..Run: [tick date] C:DOCUME~1MexicoAPPLIC~1GLUEDE~1moveisoerror.exe

voudrais tu faire ceci stp?


Télécharge LopXPMH sur ton Bureau.

http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip


Dézippe-le et double clique sur le fichier lopxpMH.bat.

Poste le contenu du
rapport qui va s'ouvrir.

:w008:

Re

merci de cette inervention chifleur

je dirai a mon ami de faire la manip!!

celui ci est inscrit sur le site...je vais l'obliger a poster kelkechose lol

salut

Re tout le monde

voici le rapport Chifleur

Rapport lopxpMH2 version 2.0 fait à 13:31:01,06 le 2007-07-06
C:\Documents and Settings\Mexico
******************************************
## Répertoires Application Data
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Documents and Settings\All Users\Application Data
2006-02-24 07:25 <DIR> .
2006-02-24 07:25 <DIR> ..
2006-08-05 21:17 <DIR> Adobe
2006-12-15 20:42 <DIR> avg7
2006-09-12 08:33 <DIR> Google
2007-02-03 23:57 <DIR> grid soap 01 jugs
2006-12-15 20:42 <DIR> Grisoft
2007-02-06 22:37 <DIR> Messenger Plus!
2006-02-24 07:25 <DIR> Microsoft
2006-02-27 16:34 <DIR> MSN6
2007-05-17 18:56 <DIR> MumboJumbo
2006-11-21 20:14 <DIR> PopCap
2006-02-26 18:53 <DIR> QuickTime
2006-02-24 12:53 <DIR> Symantec
2007-06-28 13:35 <DIR> TuneUp Software
2006-12-26 22:53 <DIR> VideoEgg
2007-01-01 14:25 <DIR> Windows Genuine Advantage
2006-10-16 21:44 <DIR> Windows Live Toolbar
2006-05-26 16:44 <DIR> Yahoo! Companion
2006-02-24 07:25 62 desktop.ini
1 File(s) 62 bytes
19 Dir(s) 63 794 569 216 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Documents and Settings\Default User\Application Data
2006-02-24 07:25 <DIR> .
2006-02-24 07:25 <DIR> ..
2006-02-24 07:25 <DIR> Microsoft
2006-02-24 07:25 62 desktop.ini
1 File(s) 62 bytes
3 Dir(s) 63 794 556 928 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Documents and Settings\Default User\Local Settings\Application Data
2006-02-24 07:25 <DIR> .
2006-02-24 07:25 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 63 794 556 928 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Documents and Settings\Guest\Application Data
2007-01-02 19:38 <DIR> .
2007-01-02 19:38 <DIR> ..
2007-01-02 19:38 <DIR> AVG7
2007-01-02 19:38 <DIR> Identities
2007-01-02 19:38 <DIR> Microsoft
2007-01-02 19:38 <DIR> Real
2007-01-02 19:38 62 desktop.ini
1 File(s) 62 bytes
6 Dir(s) 63 794 556 928 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Documents and Settings\Guest\Local Settings\Application Data
2007-01-02 19:38 <DIR> .
2007-01-02 19:38 <DIR> ..
2007-01-02 19:38 <DIR> Microsoft
2007-01-03 00:02 3 232 668 IconCache.db
1 File(s) 3 232 668 bytes
3 Dir(s) 63 794 556 928 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Documents and Settings\LocalService\Application Data
2006-02-24 12:46 <DIR> .
2006-02-24 12:46 <DIR> ..
2006-12-15 20:42 <DIR> AVG7
2006-02-24 12:46 <DIR> Microsoft
0 File(s) 0 bytes
4 Dir(s) 63 794 556 928 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Documents and Settings\LocalService\Local Settings\Application Data
2006-02-24 12:46 <DIR> .
2006-02-24 12:46 <DIR> ..
2006-05-24 11:26 <DIR> Google
2006-02-24 12:46 <DIR> Microsoft
0 File(s) 0 bytes
4 Dir(s) 63 794 556 928 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Documents and Settings\Mexico\Application Data
2006-02-24 12:50 <DIR> .
2006-02-24 12:50 <DIR> ..
2006-08-05 21:18 <DIR> Adobe
2006-08-05 21:18 <DIR> AdobeUM
2006-02-24 13:27 <DIR> Ahead
2006-12-15 20:43 <DIR> AVG7
2007-03-22 15:54 <DIR> bang
2007-02-03 23:56 <DIR> gluedeafmedia
2006-02-24 18:50 <DIR> Google
2006-02-27 18:22 <DIR> Help
2006-02-24 12:51 <DIR> Identities
2006-12-15 20:15 <DIR> Lavasoft
2007-06-21 09:53 <DIR> LimeWire
2006-05-24 18:54 <DIR> Macromedia
2006-02-24 12:50 <DIR> Microsoft
2006-02-27 16:34 <DIR> MSN6
2006-08-21 08:49 <DIR> Raptisoft
2006-02-24 18:40 <DIR> Real
2007-03-01 21:12 <DIR> Screenshot Sender
2007-01-02 16:21 <DIR> Sun
2006-02-24 12:53 <DIR> Symantec
2007-06-28 13:36 <DIR> TuneUp Software
2007-06-28 13:15 <DIR> uTorrent
2006-12-26 22:53 <DIR> VideoEgg
2007-06-21 15:25 <DIR> vlc
2006-02-24 12:50 62 desktop.ini
1 File(s) 62 bytes
25 Dir(s) 63 794 552 832 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Documents and Settings\Mexico\Local Settings\Application Data
2006-02-24 12:50 <DIR> .
2006-02-24 12:50 <DIR> ..
2006-08-05 21:18 <DIR> Adobe
2006-02-24 18:50 <DIR> Google
2006-02-27 18:22 <DIR> Help
2006-05-24 18:40 <DIR> Identities
2006-02-24 12:50 <DIR> Microsoft
2006-05-12 12:41 16 384 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-02-24 22:42 43 720 GDIPFONTCACHEV1.DAT
2006-02-24 18:59 2 804 130 IconCache.db
3 File(s) 2 864 234 bytes
7 Dir(s) 63 794 552 832 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Documents and Settings\NetworkService\Application Data
2006-02-24 12:46 <DIR> .
2006-02-24 12:46 <DIR> ..
2006-02-24 12:46 <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 63 794 552 832 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Documents and Settings\NetworkService\Local Settings\Application Data
2006-02-24 12:46 <DIR> .
2006-02-24 12:46 <DIR> ..
2006-02-24 12:46 <DIR> Microsoft
0 File(s) 0 bytes
3 Dir(s) 63 794 552 832 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\WINDOWS\system32\config\systemprofile\Application Data
2006-02-24 12:45 <DIR> .
2006-02-24 12:45 <DIR> ..
2006-02-24 12:45 <DIR> Microsoft
2006-02-24 12:45 62 desktop.ini
1 File(s) 62 bytes
3 Dir(s) 63 794 552 832 bytes free
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
2006-02-24 12:45 <DIR> .
2006-02-24 12:45 <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 63 794 552 832 bytes free
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

C:\WINDOWS\Tasks\1-Click
1-Click inexploitable

C:\WINDOWS\Tasks\Check
Check inexploitable

C:\WINDOWS\Tasks\Symantec
Symantec inexploitable
******************************************
## Répertoires de C:\Program Files
Volume in drive C has no label.
Volume Serial Number is 4C0F-04D2
Directory of C:\Program Files
2007-06-28 13:36 <DIR> .
2007-06-28 13:36 <DIR> ..
2006-08-18 07:53 <DIR> 3DGroove
2006-07-22 12:13 <DIR> Adobe
2007-03-03 12:00 <DIR> Adverts
2006-02-24 13:25 <DIR> Ahead
2007-02-24 22:50 <DIR> CCleaner
2007-06-28 13:35 <DIR> Common Files
2006-02-24 12:37 <DIR> ComPlus Applications
2006-05-05 17:59 <DIR> directx
2007-06-19 14:13 <DIR> Disney Interactive
2006-08-18 22:03 <DIR> GameHouse
2007-02-26 18:52 <DIR> gluedeafmedia
2007-07-06 09:38 <DIR> Google
2006-12-15 20:42 <DIR> Grisoft
2006-09-12 19:25 <DIR> Hasbro Interactive
2006-04-13 14:30 <DIR> Infogrames
2006-04-13 14:06 <DIR> Infogrames Interactive
2007-06-19 14:17 <DIR> Internet Explorer
2007-01-26 10:20 <DIR> Java
2007-06-28 13:07 <DIR> Lavalys
2006-12-15 20:15 <DIR> Lavasoft
2007-06-25 17:30 <DIR> LimeWire
2007-01-28 13:07 <DIR> Macrogaming
2006-12-19 21:14 <DIR> Messenger
2007-03-01 21:10 <DIR> Messenger Plus! Live
2007-03-13 19:36 <DIR> MessengerPlus! 3
2006-02-24 13:37 <DIR> Microsoft ActiveSync
2006-02-24 12:42 <DIR> microsoft frontpage
2006-02-24 13:36 <DIR> Microsoft Office
2006-02-24 13:37 <DIR> Microsoft.NET
2006-11-16 19:06 <DIR> Morpheus Toolbar
2006-02-24 20:28 <DIR> Movie Maker
2006-08-20 11:08 <DIR> MSN
2006-02-24 12:36 <DIR> MSN Gaming Zone
2007-06-23 12:56 <DIR> MSN Messenger
2006-02-24 20:24 <DIR> NetMeeting
2006-08-05 21:37 <DIR> Norton AntiVirus
2006-02-24 12:40 <DIR> Online Services
2007-06-12 21:28 <DIR> Outlook Express
2006-02-24 18:47 <DIR> Real
2006-08-05 21:41 <DIR> Symantec
2007-04-22 11:12 <DIR> Three Rings Design
2007-06-28 13:37 <DIR> TuneUp Utilities 2007
2007-06-28 13:15 <DIR> uTorrent
2006-12-26 22:53 <DIR> VideoEgg
2007-06-27 17:23 <DIR> VideoLAN
2007-06-02 13:05 <DIR> Windows Live
2006-10-16 21:44 <DIR> Windows Live Toolbar
2007-06-25 18:12 <DIR> Windows Media Connect 2
2007-06-25 18:13 <DIR> Windows Media Player
2006-02-24 20:23 <DIR> Windows NT
2006-02-24 18:18 <DIR> WinRAR
2006-02-24 12:42 <DIR> xerox
2006-12-15 20:36 <DIR> XoftSpy
2006-05-26 16:44 <DIR> Yahoo!
0 File(s) 0 bytes
56 Dir(s) 63 794 532 352 bytes free
******************************************
## Popups autorisées
* Internet Explorer
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
music.yahoo.com REG_BINARY
zonenxt.msn-int.com REG_BINARY
zonenxt.msn-ppe.com REG_BINARY
zone.msn.com REG_BINARY
dns-look-up.com REG_SZ
www.dns-look-up.com REG_SZ
mysearchnow.com REG_SZ
www.mysearchnow.com REG_SZ
netbios-wait.com REG_SZ
www.netbios-wait.com REG_SZ
searchweb2.com REG_SZ
www.searchweb2.com REG_SZ
* Mozilla Firefox (1 autorisé 2 interdit)
******************************************
## Registre
* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ http://www.google.com/ie
* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
tick date REG_SZ C:\DOCUME~1\Mexico\APPLIC~1\GLUEDE~1\moveisoerror.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\01 Jugs Glue Grey]
command REG_SZ C:\Documents and Settings\All Users\Application Data\grid soap 01 jugs\Fastbind.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tick date]
command REG_SZ C:\DOCUME~1\Mexico\APPLIC~1\GLUEDE~1\moveisoerror.exe
******************************************
## Zones de sécurité
* HKCU Domains (4)
* P3P History (5)
******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

*************** Fin du rapport ****************


salut

Comment aller en Mode sans
échec lettre C


http://forum.pcastuces.com/sujet.asp?f=25&s=3902


Tu vas t'en servir sans accès à internet.

1/ Télécharge : - CCleaner
http://www.pcastuces.com/logitheque/ccleaner.htm

Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

2* Crée un nouveau document texte :
clic droit de souris sur le bureau, "Nouveau"> "Document Texte".
Ouvre-le et copie-colle dedans de ce qui est ci-dessous, (copie tout d'un trait) :

Citation :

REGEDIT4

[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"tick date"=-
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerNew WindowsAllow]
"netsearchsoft.com"=-
"www.netsearchsoft.com"=-
"dns-look-up.com"=-
"www.dns-look-up.com"=-
"mysearchnow.com"=-
"www.mysearchnow.com"=-
"netbios-wait.com"=-
"www.netbios-wait.com"=-
"searchweb2.com"=-
"www.searchweb2.com"=-

Puis "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : reglop.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

*****Copie ce qui suit dans un fichier texte et redémarre en mode sans échec (choisis ta session habituelle, pas le compte "Administrateur" ou autre)*****

désinstalle via "Ajout/Suppression de programmes", si tu trouves :
(si l'un de ces programmes ne figure pas dans la liste ajout/suppression de programmes, recherche un fichier "uninstall..." dans un répertoire du même nom, dans C:Program Files et exécute-le)
Adverts
gluedeafmedia


4/ Assure toi d'avoir accès aux dossiers/fichiers cachés :
Ouvrir un dossier, n'importe lequel. Aller dans :
Outils/Options des dossiers/Affichage et
- cocher "afficher les dossiers et fichiers cachés",
- décocher "masquer les extensions des fichiers dont le type est connu".
- décocher masquer les fichiers protégés du système d'exploitation (recommandé)"
"appliquer" et "ok"


5/ recherche et supprime ces dossiers ou fichiers en gras
C:Documents and SettingsAll UsersApplication Datagrid soap 01 jugs
C:Documents and SettingsMexicoApplication Datagluedeafmedia



recache tes dossiers et fichiers en effectuant la manoeuvre inverse


6/ double clique sur reglop.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

7/ Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

*Redémarre normalement et poste un nouveau rapport HijackThis, toutes fenêtres et applications fermées. Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

Re Chifleur...

aww

j'etais tout a l'geure chez cette amie et maintenanat je suis chez moi, elle aurait trop de difficulté a le faire, je crois que je vais attendre la prochaine fois que j'irai chez elle pour arranger cela.

- Merci quand meme pour la reponse tres tres rapide...merci!!

Salut