Votre question

Alerte yieldmanager.com

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
27 Décembre 2009 17:21:24

Bonjour a tous et bonnes fêtes,

depuis ce matin, quand je surf avast affiche de manière très régulière une message "bouclier réseau" me parlant de yieldmanager.com.

j'ai fais une analyse avec hijackthis et SDFIX.

SDFIX a détecté et viré deux trojan mais le problème persiste.

Voici les rapports d'analyse.

Merci à ceux qui peuvent me donner un coup de main.

GG

==========================================
rapport hijackthis
=========================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:42, on 27/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdecoms.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\gg\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lightscribe.com/go/create
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Office07\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.ap...
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/...
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxdeCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdeserv.exe
O23 - Service: lxde_device - - C:\WINDOWS\system32\lxdecoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 11678 bytes


=============================================
rapport SDFIX
==============================================


SDFix: Version 1.240
Run by gg on 27/12/2009 at 16:23

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\gg\LOCALS~1\Temp\tmp55.tmp - Deleted
C:\DOCUME~1\gg\LOCALS~1\Temp\tmp61.tmp - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 16:44:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fa,de,79,95,18,b9,1d,8c,d4,fd,70,96,28,3d,91,0a,9a,c3,41,bc,b3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:73,e0,ce,f5,7f,ad,4d,14,fe,f7,40,15,89,f8,47,b1,93,e6,d2,5b,69,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,b6,27,15,a3,1e,06,5d,65,aa,c6,1f,7e,66,0b,39,32,b8,..
"khjeh"=hex:3b,b4,80,9c,67,28,50,25,40,64,9f,bf,0f,52,a9,ca,be,3c,b2,d1,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:41,37,b5,8d,19,7e,31,1c,cd,ce,01,93,cd,3b,19,8c,08,0d,93,cd,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fa,de,79,95,18,b9,1d,8c,d4,fd,70,96,28,3d,91,0a,9a,c3,41,bc,b3,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex]
"LogName"="C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy69.gthr"
"SecondaryLogName"="C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy70.gthr"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Lexmark 4800 Series\\lxdeamon.exe"="C:\\Program Files\\Lexmark 4800 Series\\lxdeamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\\Program Files\\Lexmark 4800 Series\\frun.exe"="C:\\Program Files\\Lexmark 4800 Series\\frun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe"="C:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe:*:Enabled:p rinter Device Monitor"
"C:\\WINDOWS\\system32\\lxdecfg.exe"="C:\\WINDOWS\\system32\\lxdecfg.exe:*:Enabled:p rinter Communication System"
"C:\\WINDOWS\\system32\\lxdecoms.exe"="C:\\WINDOWS\\system32\\lxdecoms.exe:*:Enabled:Lexmark Communications System"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe:*:Enabled:p rinter Status Window Interface"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdejswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdejswx.exe:*:Enabled:Job Status Window Interface"
"C:\\Program Files\\KONICA MINOLTA\\FTP Utility\\KMFtp.exe"="C:\\Program Files\\KONICA MINOLTA\\FTP Utility\\KMFtp.exe:*:Enabled:KONICA MINOLTA FTP Utility"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\UltraVNC\\winvnc.exe"="C:\\Program Files\\UltraVNC\\winvnc.exe:*:Enabled:VNC server for Win32"
"C:\\Program Files\\Crave Entertainment\\World Championship Poker 2\\WCP2.exe"="C:\\Program Files\\Crave Entertainment\\World Championship Poker 2\\WCP2.exe:*:D isabled:WCP2"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Microsoft Office12\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office12\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"="C:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\Program Files\\PHPEdit\\DBG\\DbgListener.exe"="C:\\Program Files\\PHPEdit\\DBG\\DbgListener.exe:*:Enabled:Listener for php debugger DBG"
"C:\\Documents and Settings\\gg\\Mes documents\\Azureus Downloads\\freezer.exe"="C:\\Documents and Settings\\gg\\Mes documents\\Azureus Downloads\\freezer.exe:*:Enabled:freezer"
"C:\\Documents and Settings\\gg\\Mes documents\\softs\\Freezer\\freezer.exe"="C:\\Documents and Settings\\gg\\Mes documents\\softs\\Freezer\\freezer.exe:*:Enabled:freezer"
"C:\\Program Files\\INCA\\Test Software\\MServer.exe"="C:\\Program Files\\INCA\\Test Software\\MServer.exe:*:Enabled:Server"
"C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE:*:Enabled:Microsoft Office Excel"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\KONICA MINOLTA\\FTP Utility\\KMFtp.exe"="C:\\Program Files\\KONICA MINOLTA\\FTP Utility\\KMFtp.exe:*:D isabled:KONICA MINOLTA FTP Utility"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 17 Jun 2008 56 A.SH. --- "C:\WINDOWS\SMINST\hpboot.sys"
Sun 1 Jun 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 6 Sep 2004 1,190,912 A..H. --- "C:\RECYCLER\S-1-5-21-2833626648-2792194075-287350803-1005\Dc41\~WRL2999.tmp"
Sun 1 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 7 Nov 2009 222,720 ...H. --- "C:\Documents and Settings\gg\Mes documents\enfants\~WRL2869.tmp"
Wed 11 Nov 2009 223,744 ...H. --- "C:\Documents and Settings\gg\Mes documents\enfants\~WRL3496.tmp"
Thu 13 Aug 2009 250,287 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\532723f4d601f959d6dd650b407075de\BIT1.tmp"
Mon 6 Sep 2004 1,190,912 A..H. --- "C:\Documents and Settings\gg\Mes documents\supports\Module net (claudette)\~WRL2999.tmp"
Sat 5 Sep 2009 33,280 ...H. --- "C:\Documents and Settings\gg\Mes documents\Exercices\vba\nouveau vba\~WRL0316.tmp"
Sat 5 Sep 2009 33,792 ...H. --- "C:\Documents and Settings\gg\Mes documents\Exercices\vba\nouveau vba\~WRL0623.tmp"
Sat 5 Sep 2009 33,280 ...H. --- "C:\Documents and Settings\gg\Mes documents\Exercices\vba\nouveau vba\~WRL1964.tmp"
Sat 5 Sep 2009 33,280 ...H. --- "C:\Documents and Settings\gg\Mes documents\Exercices\vba\nouveau vba\~WRL2749.tmp"
Fri 4 Sep 2009 27,648 ...H. --- "C:\Documents and Settings\gg\Mes documents\Exercices\vba\nouveau vba\~WRL2815.tmp"
Sat 5 Sep 2009 33,280 ...H. --- "C:\Documents and Settings\gg\Mes documents\Exercices\vba\nouveau vba\~WRL3643.tmp"
Sat 1 Mar 2008 24,064 A..H. --- "C:\Documents and Settings\gg\Mes documents\judo\cle secretaire\Donn‚es de JUDO\TOURNOI LABELLISE BENJAMINS\02 mars 2008\Organisation JCF\~WRL2699.tmp"

Finished!

Autres pages sur : alerte yieldmanager com

28 Décembre 2009 00:56:01

Salut et bonnes fêtes!

yieldmanager.com = service de yahoo pour les pubs il me semble, tu utilise yahoo pour un quelconque service?
28 Décembre 2009 08:06:38

ichigo11 a dit :
Salut et bonnes fêtes!

yieldmanager.com = service de yahoo pour les pubs il me semble, tu utilise yahoo pour un quelconque service?



Salut et merci pour ta réponse

A priori, non aucun soft (barre d'outils ou autre de chez yahoo).

De plus, sur ma page Igoogle (page google personnalisée)
il y a comme un bug :
elle se recharge toutes les secondes (a peu près). du coup elle est inutilisable (un coup de yahoo ne serait pas étonnant).
par contre la page google normale fonctionne correctement.

Merci pour votre aide


GG
28 Décembre 2009 22:45:52

Tu peux toujours essayé un scan malwarebytes', mais je pense pas qu'il trouve grand chose:

Télécharger sur le bureau Malwarebyte's Anti-Malware

* Double-clic sur « mbam-setup » pour lancer l'installation
* Installer simplement sans rien modifier
* Quand le programme lancé ==> onglet « Mise à jour » cliquer sur ==> « Recherche de mise à jour »
Onglet « Recherche » ==> cocher « Exécuter un examen complet »
* Clic « Rechercher »
* Cocher tous les disque dur
* Clic « Lancer l'examen »
* En fin de scan , si infection trouvée
==> Clic « Afficher résultat »
* Fermer vos applications en cours
* Vérifier si tout est coché et clic « Supprimer la sélection »

* un rapport s'ouvre le copier et le coller dans la réponse
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS