Removing a trojan

Kitchou -
 Anonymous user -
Hello everyone!
For about a week now, my computer has been infected by a trojan. I have more or less tried to remove it, but since I am a complete novice in this area I can't get very far on my own.
So if someone would be kind enough to take a look, it would help me a lot...
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:58, on 20/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Hana\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAP\DAP.exe
C:\Users\Hana\AppData\Local\Temp\a.exe
C:\Users\Hana\AppData\Roaming\Twain\Twain.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66027
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [MSFox] C:\Users\Hana\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [Twain] C:\Users\Hana\AppData\Roaming\Twain\Twain.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: NameServer = 85.255.115.116;85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.116;85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.116;85.255.112.169
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\Windows\PSEXESVC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
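
The triage a helper does by eye on a HijackThis log like the one above, as an added example that is not part of the original thread: it flags Run entries launched from Temp or AppData, browser objects whose file is missing, and DNS servers inside 85.255.0.0/16, the range the SmitFraudFix report later in this thread reports as a possible DNS hijack. The sample lines are copied from the log above; the function names and severity labels are assumptions of this example.

```python
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity section subject reason")

# Assumption: this range mirrors the "85.255.x.x detected" line in the
# SmitFraudFix report from this thread; extend the list for other cases.
FLAGGED_DNS_NETS = [ipaddress.ip_network("85.255.0.0/16")]

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<key>\S+): \[(?P<name>.+?)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.exe)\b', re.IGNORECASE)
DNS_RE = re.compile(r"^(?P<key>.+?): (?:Dhcp)?NameServer = (?P<servers>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
SEVERITY_ORDER = {"high": 0, "review": 1, "low": 2}

# Sample input: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSFox] C:\Users\Hana\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [Twain] C:\Users\Hana\AppData\Roaming\Twain\Twain.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.116;85.255.112.169
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\Windows\PSEXESVC.EXE
"""


def executable_path(cmd):
    """Return the program path of a Run command, without its arguments."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("quoted") or m.group("bare")


def classify_autostart(path):
    """Rate a Run entry by where its executable lives (user-writable or not)."""
    lowered = path.lower()
    if "\\temp\\" in lowered:
        return "high", "autostart from a Temp directory"
    if "\\appdata\\" in lowered:
        return "review", "autostart from a per-user AppData directory"
    return None


def check_dns(section, servers):
    """Flag every configured name server that falls inside a flagged network."""
    hits = []
    for raw in re.split(r"[;,\s]+", servers.strip()):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # empty or malformed value
        if any(addr in net for net in FLAGGED_DNS_NETS):
            hits.append(Finding("high", section, raw, "DNS server inside a flagged range"))
    return hits


def triage(log_text):
    """Parse HijackThis lines and return findings, most severe first."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        if section == "O4":
            run = RUN_RE.match(body)
            if run:
                path = executable_path(run.group("cmd"))
                verdict = classify_autostart(path)
                if verdict:
                    subject = "[%s] %s" % (run.group("name"), path)
                    findings.append(Finding(verdict[0], section, subject, verdict[1]))
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append(Finding("low", section, clsid.group(0) if clsid else body,
                                    "browser object registered but its file is missing"))
        elif section == "O17":
            dns = DNS_RE.match(body)
            if dns:
                findings.extend(check_dns(section, dns.group("servers")))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-6s %-3s %s (%s)" % (f.severity, f.section, f.subject, f.reason))
```

The `review` level is deliberately noisy: it also catches the Google Update entry, which installs per user under AppData, so each hit still needs a human decision.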
32 replies

Anonymous user
 
Open a text document and copy and paste this content into it:

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSFox"=-


and "save as": Delete.REG on the desktop

Double-click the key thus created and accept to run it ... then you can delete it,

then:

Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the program's installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice and then confirming with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)

then:

(SmitFraud will follow)
0
Kitchou
 
Thanks for the reply!

But when I click on the file, I get this error message:

"Impossible d'importer C:\Users\Hana\Desktop\Delete.REG : le fichier spécifié n'est pas un script du Registre. Vous pouvez uniquement importer des fichiers du Registre binaires à partir de l'éditeur du Registre."
0
Anonymous user
 
OK, take care of Toolbar S&D
0
Kitchou
 
OK, here is the report:

-----------\\ ToolBar S&D 1.2.7 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz )
BIOS : Default System BIOS
USER : Hana ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080926-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:100 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 19-12-2008|22:30 )
Option : [1] ( 21/12/2008|14:42 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Crawler Toolbar
C:\Program Files\Crawler
C:\Program Files\Crawler\adrkeys.dat
C:\Program Files\Crawler\Cache
C:\Program Files\Crawler\COMMON_FF.dat
C:\Program Files\Crawler\confirm.dat
C:\Program Files\Crawler\ctbcomm.dll
C:\Program Files\Crawler\ctbr.dll
C:\Program Files\Crawler\CTConf.dat
C:\Program Files\Crawler\CTipsDef.dll
C:\Program Files\Crawler\CToolbar.exe
C:\Program Files\Crawler\CUpdate.exe
C:\Program Files\Crawler\Download
C:\Program Files\Crawler\firefox
C:\Program Files\Crawler\Languages
C:\Program Files\Crawler\lookfor.dat
C:\Program Files\Crawler\majorse.dat
C:\Program Files\Crawler\rootmenu.dat
C:\Program Files\Crawler\services.dat
C:\Program Files\Crawler\svc_set.dat
C:\Program Files\Crawler\TBR5LanguageAct
C:\Program Files\Crawler\TempDir
C:\Program Files\Crawler\Update
C:\Program Files\Crawler\Cache\COMMON
C:\Program Files\Crawler\Cache\COMMON\CLEANUP_CHBMP.dat
C:\Program Files\Crawler\Cache\COMMON\CLEANUP_MENU.dat
C:\Program Files\Crawler\Cache\COMMON\DIRLIST_CHBMP.dat
C:\Program Files\Crawler\Cache\COMMON\DIRLIST_MENU.dat
C:\Program Files\Crawler\Cache\COMMON\ECARDS_CHBMP.dat
C:\Program Files\Crawler\Cache\COMMON\ECARDS_MENU.dat
C:\Program Files\Crawler\Cache\COMMON\EMAIL_CHBMP.dat
C:\Program Files\Crawler\Cache\COMMON\GAMES_CHBMP.dat
C:\Program Files\Crawler\Cache\COMMON\GAMES_MENU.dat
C:\Program Files\Crawler\Cache\COMMON\SHOP_CHBMP.dat
C:\Program Files\Crawler\Cache\COMMON\SPELL_CHBMP.dat
C:\Program Files\Crawler\Cache\COMMON\TRAVEL_CHBMP.dat
C:\Program Files\Crawler\Cache\COMMON\WAYBACK_CHBMP.dat
C:\Program Files\Crawler\Cache\COMMON\WP_CHBMP.dat
C:\Program Files\Crawler\Cache\COMMON\YP_CHBMP.dat
C:\Program Files\Crawler\firefox\chrome
C:\Program Files\Crawler\firefox\chrome.manifest
C:\Program Files\Crawler\firefox\components
C:\Program Files\Crawler\firefox\install.ini
C:\Program Files\Crawler\firefox\install.rdf
C:\Program Files\Crawler\firefox\chrome\crawlertbr.jar
C:\Program Files\Crawler\firefox\components\xshared.dll
C:\Program Files\Crawler\firefox\components\xshared.xpt
C:\Program Files\Crawler\firefox\components\xsupport.dll
C:\Program Files\Crawler\firefox\components\xsupport.xpt
C:\Program Files\Crawler\Languages\TBR5_CS.cab
C:\Program Files\Crawler\Languages\TBR5_DE.cab
C:\Program Files\Crawler\Languages\TBR5_EN.cab
C:\Program Files\Crawler\Languages\TBR5_ES.cab
C:\Program Files\Crawler\Languages\TBR5_IT.cab
C:\Program Files\Crawler\Languages\TBR5_PT-BR.cab
C:\Program Files\Crawler\Languages\TBR5_PT.cab
C:\Program Files\Crawler\TBR5LanguageAct\info.ini
C:\Program Files\Crawler\TBR5LanguageAct\language.ini
C:\Windows\svchost.exe

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.speedbit.com/"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66027"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF"
"Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

--------------------\\ Recherche d'autres infections

C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{869207A1-D66B-4491-869C-06282567417D}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{869207A1-D66B-4491-869C-06282567417D}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{869207A1-D66B-4491-869C-06282567417D}]
DhcpNameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{869207A1-D66B-4491-869C-06282567417D}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
==> WAREOUT <==

--------------------\\ Cracks & Keygens ..

C:\Users\Hana\Documents\Azureus Downloads\Spinto Band - Nice and Nicely Done\Nice and Nicely Done\06 Crack the Whip.mp3

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 21/12/2008|14:42 - Option : [1]

-----------\\ Fin du rapport a 14:42:59,10
0

Anonymous user
 
Hello:

Restart Toolbar-S&D by double-clicking the shortcut.
* Type "2" then confirm by pressing "Enter".
! Do not close the window during the removal!
A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer then confirm.

then:

Disable User Account Control (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click on disable and confirm.

"Run as administrator".

Download SmitfraudFix
Utility by S!Ri: Moe and balltrap34
http://siri.urz.free.fr/Fix/SmitfraudFix.php

http://www.malekal.com/tutorial_SmitFraudfix.php
and download SmitfraudFix.exe.

Look at the tutorial

Run it, choosing option 1,
it will generate a report
Copy/paste it into a post, please.
0
Kitchou
 
Good evening,

Here is the Toolbar SD report:


-----------\\ ToolBar S&D 1.2.7 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz )
BIOS : Default System BIOS
USER : Hana ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080926-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:100 Go (Free:5 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 19-12-2008|22:30 )
Option : [2] ( 21/12/2008|19:19 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.speedbit.com/"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66027"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

--------------------\\ Recherche d'autres infections

C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At49.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At50.job
C:\Windows\Tasks\At51.job
C:\Windows\Tasks\At52.job
C:\Windows\Tasks\At53.job
C:\Windows\Tasks\At54.job
C:\Windows\Tasks\At55.job
C:\Windows\Tasks\At56.job
C:\Windows\Tasks\At57.job
C:\Windows\Tasks\At58.job
C:\Windows\Tasks\At59.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At60.job
C:\Windows\Tasks\At61.job
C:\Windows\Tasks\At62.job
C:\Windows\Tasks\At63.job
C:\Windows\Tasks\At64.job
C:\Windows\Tasks\At65.job
C:\Windows\Tasks\At66.job
C:\Windows\Tasks\At67.job
C:\Windows\Tasks\At68.job
C:\Windows\Tasks\At69.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At70.job
C:\Windows\Tasks\At71.job
C:\Windows\Tasks\At72.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{869207A1-D66B-4491-869C-06282567417D}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}]
DhcpNameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{869207A1-D66B-4491-869C-06282567417D}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{869207A1-D66B-4491-869C-06282567417D}]
DhcpNameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{869207A1-D66B-4491-869C-06282567417D}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
==> WAREOUT <==

--------------------\\ Cracks & Keygens ..

C:\Users\Hana\Documents\Azureus Downloads\Spinto Band - Nice and Nicely Done\Nice and Nicely Done\06 Crack the Whip.mp3

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 21/12/2008|14:42 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 21/12/2008|18:56 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 21/12/2008|19:00 - Option : [2]
4 - "C:\ToolBar SD\TB_4.txt" - 21/12/2008|19:19 - Option : [2]

-----------\\ Fin du rapport a 19:19:36,88

And the Smitfraudfix report:

SmitFraudFix v2.387

Scan done at 19:17:43,86, 21/12/2008
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Hana\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAP\DAP.exe
C:\Users\Hana\AppData\Local\Temp\a.exe
C:\Users\Hana\AppData\Roaming\gadcom\gadcom.exe
C:\Users\Hana\AppData\Roaming\Twain\Twain.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WQ6lI5N1.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf FOUND !
C:\resycled\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

C:\Windows\Tasks\At?.job FOUND !
C:\Windows\Tasks\At??.job FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

C:\Windows\system32\msxml71.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Hana

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Hana\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Hana\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\Users\Hana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\homeview FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Hana\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\homeview\ FOUND !
C:\Program Files\Google\googletoolbar1.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 85.255.115.116;85.255.112.169

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Atheros AR5007 802.11b/g WiFi Adapter
DNS Server Search Order: 85.255.115.116;85.255.112.169

HKLM\SYSTEM\CCS\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS1\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: DhcpNameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.115.116;85.255.112.169

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
Anonymous user
 
OK:
Run the SmitfraudFix program again,
This time choose option 5 and answer yes,
Save the report,

then:

Now download FindyKill to your desktop:

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe

--> Run the installer with the default settings

--> Right-click the FindyKill shortcut on your desktop

--> Choose Run as administrator

--> In the main menu, choose option 1 (Search)

--> Post the FindyKill.txt report

Note: the FindyKill.txt report is saved in the root of the disk
Kitchou
 
OK (thank you very much for replying so quickly),

the Smitfraud report:

SmitFraudFix v2.387

Scan done at 19:41:57,42, 21/12/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 85.255.115.116;85.255.112.169

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Atheros AR5007 802.11b/g WiFi Adapter
DNS Server Search Order: 85.255.115.116;85.255.112.169

HKLM\SYSTEM\CCS\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS1\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: DhcpNameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.115.116;85.255.112.169

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: DhcpNameServer=192.168.1.1

and the FindyKill report:

----------------- FindyKill V4.710 ------------------

* User : Hana - PC-DE-HANA
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 21/12/08 par Chiquitine29
* Recherche effectuée à 19:44:25 le 21/12/2008
* Windows Vista - Internet Explorer 7.0.6000.16757

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Hana\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAP\DAP.exe
C:\Users\Hana\AppData\Local\Temp\a.exe
C:\Users\Hana\AppData\Roaming\gadcom\gadcom.exe
C:\Users\Hana\AppData\Roaming\Twain\Twain.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\WQ6lI5N1.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\notepad.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\Windows

»»»» Presence des fichiers dans C:\Windows\Prefetch

Found ! - C:\Windows\Prefetch\O4PATCH.EXE-D233EE39.pf

»»»» Presence des fichiers dans C:\Windows\system32

»»»» Presence des fichiers dans C:\Windows\system32\config\systemprofile\AppData\Roaming

»»»» Presence des fichiers dans C:\Windows\system32\drivers

»»»» Presence des fichiers dans C:\Users\Hana\AppData\Roaming

»»»» Presence des fichiers dans C:\Users\Hana\AppData\Local\Temp

Found ! - C:\Users\Hana\AppData\Local\Temp\chrome_9321\patch.7z

»»»» Presence des fichiers dans C:\Users\Hana\Local Settings\Temporary Internet Files\Content.IE5

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
ehTray.exe=C:\Windows\ehome\ehTray.exe
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
swg=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Google Update="C:\Users\Hana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
DownloadAccelerator="C:\Program Files\DAP\DAP.EXE" /STARTUP
MSFox=C:\Users\Hana\AppData\Local\Temp\a.exe
gadcom="C:\Users\Hana\AppData\Roaming\gadcom\gadcom.exe" 61A847B5BBF72810379D38466188719AB689201522886B092CBD44BD8689220221DD3257
Twain=C:\Users\Hana\AppData\Roaming\Twain\Twain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
IgfxTray=C:\Windows\system32\igfxtray.exe
HotKeysCmds=C:\Windows\system32\hkcmd.exe
Persistence=C:\Windows\system32\igfxpers.exe
Apoint=C:\Program Files\Apoint2K\Apoint.exe
IAAnotif="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
QPService="C:\Program Files\HP\QuickPlay\QPService.exe"
QlbCtrl=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
UCam_Menu="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HP Health Check Scheduler=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
hpWirelessAssistant=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
AppleSyncNotifier=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
!AVG Anti-Spyware="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Clés infectieuses ] ----------------

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 3

Wlansvc - Type de démarrage = 2

/!\ SharedAccess - Type de démarrage = 4

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

WinDefend - Type de démarrage = 2

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- Contenu de l'autorun : C:\autorun.inf

[autorun]
;qhtazisoiazjclrwhhknmqzqrnbertsboorfaufjxffifqbfdhuelxzcvjfirmxzfrptltdbewtxcjkgiomsfxdpjjiytleje
shellexecute="resycled\boot.com c:"
;vijuskscpkepicebiafqjwdllmikqokttaznewtopdifowixqofyewpacagmtpozixmprjpbrpdlqwmkwc
shell\Open\command="re

+- presence des fichiers :

Found ! [10/12/2008 22:07][-rahs----] - C:\autorun.inf

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------
Anonymous user
 
Plug into your PC any external storage (USB stick, external hard drive, etc.) that may have been infected, without opening it

--> Right-click the FindyKill shortcut on your desktop

--> Choose Run as administrator

--> In the main menu, choose option 2 (Removal)

/!\ There will be 2 restarts; let the tool work until the message "nettoyage effectué" (cleaning done) appears

/!\ Do not use the PC during the removal; your desktop will not be accessible, that is normal!

-------> then post the FindyKill.txt report

Note: the FindyKill.txt report is saved in the root of the disk

followed by a new HijackThis report
Kitchou
 
Here you go, the FindyKill report:

----------------- FindyKill V4.710 ------------------

* User : Hana - PC-DE-HANA
* executed from : C:\Program Files\FindyKill
* Update on 21/12/08 par Chiquitine29
* Start at 20:12:33 the 21/12/2008
* Windows Vista - Internet Explorer 7.0.6000.16757

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

»»»» Supression files in C:\Windows

»»»» Supression files in C:\Windows\Prefetch

Deleted ! - C:\Windows\prefetch\O4PATCH.EXE-D233EE39.pf

»»»» Supression files in C:\Windows\system32

»»»» Supression files in C:\Windows\system32\config\systemprofile\AppData\Roaming

»»»» Supression files in C:\Windows\system32\drivers

»»»» Supression files in C:\Users\Hana\AppData\Roaming

»»»» Supression files in C:\Users\Hana\AppData\Local\Temp

Deleted ! - C:\Users\Hana\AppData\Local\Temp\chrome_9321\patch.7z

»»»» Supression files in C:\Users\Hana\Local Settings\Temporary Internet Files\Content.IE5

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_CURRENT_CONFIG\System\CurrentControlSet\Enum\ROOT\LEGACY_SROSA

--------------- [ States / Restarting of services ] ----------------

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Wlansvc - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

WinDefend - Type of startup = 2

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe
D: - Lecteur fixe

+- deleting files :

Deleted ! - C:\autorun.inf

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Users\Hana\AppData\Roaming\Azureus\torrents\Tchaikovsky_-_The_Nutcracker_(Complete)_[192kbps].3625203.TPB.torrent
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)
C:\Users\Hana\Documents\Azureus Downloads\Spinto Band - Nice and Nicely Done\Nice and Nicely Done\06 Crack the Whip.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\01 - Overture.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\02 - Act I, Tableau 1, The Christmas Tree.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\03 - Act I, Tableau 1, March.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\04 - Act I, Tableau 1, Galop and Dance of the Parents.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\05 - Act I, Tableau 1, Dance Scene - The Presents of Drosselmeyer.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\06 - Act I, Tableau 1, Scene - Grandfather Dance.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\07 - Act I, Tableau 1, Clara and the Nutcracker.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\08 - Act I, Tableau 1, The Nutcracker battles against the Army of the Mouse King, etc..mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\09 - Act I, Tableau 2, In the Christmas Tree.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\10 - Act I, Tableau 2, Scene and Waltz of the Snowflakes.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\11 - Act II, Tableau 3, The Magic Castle on the Mountain of Sweets.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\12 - Act II, Tableau 3, Clara and Prince Charming.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\13 - Act II, Tableau 3, Character Dances, a. Chocolate (Spanish Dance).mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\14 - Act II, Tableau 3, Character Dances, b. Coffee (Arabian Dance).mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\15 - Act II, Tableau 3, Character Dances, c. Tea (Chinese Dance).mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\16 - Act II, Tableau 3, Character Dances, d. Trépak (Russian Dance).mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\17 - Act II, Tableau 3, Character Dances, e. Dance of the Reed Pipes.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\18 - Act II, Tableau 3, Character Dances, f. Polichinelle (The Clown).mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\19 - Act II, Tableau 3, Waltz of the Flowers.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\20 - Act II, Tableau 3, Pas de deux, a. Intrada.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\21 - Act II, Tableau 3, Pas de deux, b. Variation I (Tarantella).mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\22 - Act II, Tableau 3, Pas de deux, c. Variation II (Dance of the Sugar-Plum Fairy).mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\23 - Act II, Tableau 3, Pas de deux, d. Coda.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\24 - Act II, Tableau 3, Closing Waltz - Grand Finale.mp3
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\AlbumArtSmall.jpg
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\AlbumArt_{D72FE849-8BBB-4F89-BDB0-DC10D06DBC1F}_Large.jpg
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\AlbumArt_{D72FE849-8BBB-4F89-BDB0-DC10D06DBC1F}_Small.jpg
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\cover.jpg
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\desktop.ini
C:\Users\Hana\Documents\Azureus Downloads\Tchaikovsky - The Nutcracker (Complete)\Folder.jpg
C:\Users\Hana\Downloads\Tchaikovsky_-_The_Nutcracker_(Complete)_[192kbps].3625203.TPB.torrent
C:\Users\Hana\Music\Playlists\The Nutcracker _ Tchaikovsky.wpl

---------------- ! End of report ! ------------------

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:45, on 21/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DAP\DAP.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66027
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [MSFox] C:\Users\Hana\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [gadcom] "C:\Users\Hana\AppData\Roaming\gadcom\gadcom.exe" 61A847B5BBF72810379D38466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Twain] C:\Users\Hana\AppData\Roaming\Twain\Twain.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: NameServer = 85.255.115.116;85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: NameServer = 85.255.115.116;85.255.112.169
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.116;85.255.112.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.116;85.255.112.169
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\Windows\PSEXESVC.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Utilisateur anonyme
 
http://siri.urz.free.fr/Fix/SmitfraudFix.php

4. Download SmitfraudFix by S!RI:
Extract the archive
Run it by double-clicking Smitfraudfix.cmd
Press any key to continue
At the command prompt, type the letter L to switch the fix to French
From the menu, choose option 5
Post the resulting report in the forum

0
Kitchou
 
OK:

SmitFraudFix v2.387

Scan done at 19:41:57,42, 21/12/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 85.255.115.116;85.255.112.169

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Atheros AR5007 802.11b/g WiFi Adapter
DNS Server Search Order: 85.255.115.116;85.255.112.169

HKLM\SYSTEM\CCS\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS1\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: DhcpNameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.116;85.255.112.169
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=84.103.237.147 86.64.145.147
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.115.116;85.255.112.169

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{869207A1-D66B-4491-869C-06282567417D}: DhcpNameServer=192.168.1.1
0
Utilisateur anonyme
 
I don't understand how Toolbar S&D didn't remove Crawler......

:processes
explorer.exe

:files
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At49.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At50.job
C:\Windows\Tasks\At51.job
C:\Windows\Tasks\At52.job
C:\Windows\Tasks\At53.job
C:\Windows\Tasks\At54.job
C:\Windows\Tasks\At55.job
C:\Windows\Tasks\At56.job
C:\Windows\Tasks\At57.job
C:\Windows\Tasks\At58.job
C:\Windows\Tasks\At59.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At60.job
C:\Windows\Tasks\At61.job
C:\Windows\Tasks\At62.job
C:\Windows\Tasks\At63.job
C:\Windows\Tasks\At64.job
C:\Windows\Tasks\At65.job
C:\Windows\Tasks\At66.job
C:\Windows\Tasks\At67.job
C:\Windows\Tasks\At68.job
C:\Windows\Tasks\At69.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At70.job
C:\Windows\Tasks\At71.job
C:\Windows\Tasks\At72.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job

:commands
[emptytemp]
[start explorer]
[reboot]

---> Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
0
Kitchou
 
The report:

File/Folder not found.
File/Folder not found.
File/Folder :processes not found.
File/Folder explorer.exe not found.
File/Folder not found.
File/Folder not found.
File/Folder :files not found.
File move failed. C:\Windows\Tasks\At1.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At10.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At11.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At12.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At13.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At14.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At15.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At16.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At17.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At18.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At19.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At2.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At20.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At21.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At22.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At23.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At24.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At25.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At26.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At27.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At28.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At29.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At3.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At30.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At31.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At32.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At33.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At34.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At35.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At36.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At37.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At38.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At39.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At4.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At40.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At41.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At42.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At43.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At44.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At45.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At46.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At47.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At48.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At49.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At5.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At50.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At51.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At52.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At53.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At54.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At55.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At56.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At57.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At58.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At59.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At6.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At60.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At61.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At62.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At63.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At64.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At65.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At66.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At67.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At68.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At69.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At7.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At70.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At71.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At72.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At8.job scheduled to be moved on reboot.
File move failed. C:\Windows\Tasks\At9.job scheduled to be moved on reboot.
File/Folder not found.
File/Folder :commands not found.
File/Folder [emptytemp] not found.
File/Folder [start explorer] not found.
File/Folder [reboot] not found.

Created on 12/21/2008 21:27:37
0
Utilisateur anonyme
 
Sorry, part of the canned reply didn't go through.

Download Lop S&D.exe to your Desktop. https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the language you want, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
0
Kitchou
 
Here you go:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz )
BIOS : Default System BIOS
USER : Hana ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080926-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total:100 Go (Free:4 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 21/12/2008|22:00 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[01/06/2008|18:56] C:\Users\Hana\AppData\Local\Adobe
[08/05/2008|10:48] C:\Users\Hana\AppData\Local\AOL
[11/07/2008|20:18] C:\Users\Hana\AppData\Local\AOL OCP
[10/07/2008|11:50] C:\Users\Hana\AppData\Local\Apple
[30/08/2008|09:35] C:\Users\Hana\AppData\Local\Apple Computer
[08/05/2008|10:31] C:\Users\Hana\AppData\Local\Application Data
[23/06/2008|11:25] C:\Users\Hana\AppData\Local\Apps
[08/05/2008|10:47] C:\Users\Hana\AppData\Local\AtStart.txt
[15/12/2008|12:34] C:\Users\Hana\AppData\Local\d3d9caps.dat
[21/12/2008|21:39] C:\Users\Hana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[23/06/2008|11:25] C:\Users\Hana\AppData\Local\Deployment
[08/05/2008|10:38] C:\Users\Hana\AppData\Local\Downloaded Installations
[08/05/2008|10:47] C:\Users\Hana\AppData\Local\DSwitch.txt
[17/12/2008|18:05] C:\Users\Hana\AppData\Local\GDIPFONTCACHEV1.DAT
[21/12/2008|21:31] C:\Users\Hana\AppData\Local\Google
[11/05/2008|11:38] C:\Users\Hana\AppData\Local\Hewlett-Packard
[08/05/2008|10:31] C:\Users\Hana\AppData\Local\Historique
[21/12/2008|21:27] C:\Users\Hana\AppData\Local\IconCache.db
[27/11/2008|21:36] C:\Users\Hana\AppData\Local\Microsoft
[03/07/2008|12:03] C:\Users\Hana\AppData\Local\Microsoft Games
[23/06/2008|12:58] C:\Users\Hana\AppData\Local\Microsoft Help
[10/05/2008|21:15] C:\Users\Hana\AppData\Local\Mozilla
[08/05/2008|10:47] C:\Users\Hana\AppData\Local\QSwitch.txt
[15/12/2008|12:43] C:\Users\Hana\AppData\Local\QuickPlay
[21/12/2008|21:59] C:\Users\Hana\AppData\Local\Temp
[08/05/2008|10:31] C:\Users\Hana\AppData\Local\Temporary Internet Files
[11/05/2008|09:51] C:\Users\Hana\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[21/12/2008 20:09][--a------] C:\Windows\tasks\At72.job
[21/12/2008 21:59][--a------] C:\Windows\tasks\At71.job
[21/12/2008 21:00][--a------] C:\Windows\tasks\At70.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At69.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At68.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At67.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At66.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At65.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At64.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At63.job
[21/12/2008 21:59][--a------] C:\Windows\tasks\At62.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At61.job
[21/12/2008 21:29][--a------] C:\Windows\tasks\At60.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At59.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At58.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At57.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At56.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At55.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At54.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At53.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At52.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At51.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At50.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At49.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At48.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At47.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At46.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At45.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At44.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At43.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At42.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At41.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At40.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At39.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At38.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At37.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At36.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At35.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At34.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At33.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At32.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At31.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At30.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At29.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At28.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At27.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At26.job
[21/12/2008 20:09][--a------] C:\Windows\tasks\At25.job
[20/12/2008 23:00][--a------] C:\Windows\tasks\At24.job
[21/12/2008 21:59][--a------] C:\Windows\tasks\At23.job
[21/12/2008 21:00][--a------] C:\Windows\tasks\At22.job
[19/12/2008 19:59][--a------] C:\Windows\tasks\At21.job
[21/12/2008 19:00][--a------] C:\Windows\tasks\At20.job
[17/12/2008 18:00][--a------] C:\Windows\tasks\At19.job
[17/12/2008 20:18][--a------] C:\Windows\tasks\At18.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At17.job
[21/12/2008 14:59][--a------] C:\Windows\tasks\At16.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At15.job
[15/12/2008 13:00][--a------] C:\Windows\tasks\At14.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At13.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At12.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At11.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At10.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At9.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At8.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At7.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At6.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At5.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At4.job
[12/12/2008 20:58][--a------] C:\Windows\tasks\At3.job
[17/12/2008 01:00][--a------] C:\Windows\tasks\At2.job
[17/12/2008 00:53][--a------] C:\Windows\tasks\At1.job
[20/12/2008 22:58][--a------] C:\Windows\tasks\GoogleUpdateTaskUser.job
[20/12/2008 20:44][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{B5BDCE0C-0219-4FCD-8553-2F0D1A0FF00F}.job
[21/12/2008 21:29][--ah-----] C:\Windows\tasks\SA.DAT
[21/12/2008 21:27][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[21/11/2007|06:47] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[02/12/2008|22:43] C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[01/06/2008|20:02] C:\ProgramData\Adobe
[11/07/2008|20:18] C:\ProgramData\AOL
[11/07/2008|20:18] C:\ProgramData\AOL OCP
[28/11/2008|20:10] C:\ProgramData\Apowersoft
[10/07/2008|11:50] C:\ProgramData\Apple
[02/12/2008|22:42] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[14/01/2008|23:11] C:\ProgramData\Atheros
[15/07/2008|09:42] C:\ProgramData\Azureus
[08/05/2008|10:25] C:\ProgramData\Bureau
[15/12/2008|13:25] C:\ProgramData\CheckPoint
[10/05/2008|20:37] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[08/05/2008|10:39] C:\ProgramData\Electronic Arts
[12/07/2008|23:57] C:\ProgramData\eMule
[08/05/2008|10:25] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[30/07/2008|01:11] C:\ProgramData\Google
[17/12/2008|17:21] C:\ProgramData\Grisoft
[08/05/2008|10:47] C:\ProgramData\Hewlett-Packard
[10/05/2008|09:44] C:\ProgramData\HP
[08/05/2008|10:25] C:\ProgramData\Menu Démarrer
[11/05/2008|08:32] C:\ProgramData\Messenger Plus!
[14/12/2008|23:35] C:\ProgramData\Microsoft
[17/11/2008|13:16] C:\ProgramData\Microsoft Help
[08/05/2008|10:25] C:\ProgramData\Modèles
[21/11/2007|06:32] C:\ProgramData\muvee Technologies
[20/12/2008|14:10] C:\ProgramData\Simply Super Software
[03/11/2008|22:13] C:\ProgramData\SpeedBit
[02/11/2006|14:02] C:\ProgramData\Start Menu
[16/07/2008|15:55] C:\ProgramData\Symantec
[21/12/2008|21:31] C:\ProgramData\TEMP
[02/11/2006|14:02] C:\ProgramData\Templates
[21/11/2007|06:09] C:\ProgramData\Viewpoint
[14/01/2008|23:34] C:\ProgramData\WildTangent
[10/05/2008|20:03] C:\ProgramData\WLInstaller
[17/12/2008|17:51] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[11/05/2008|10:24] C:\Program Files\[webwiz]
[21/11/2007|06:47] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[15/07/2008|15:26] C:\Program Files\Adobe
[21/11/2007|06:09] C:\Program Files\AIM6
[30/07/2008|09:03] C:\Program Files\Alwil Software
[08/05/2008|10:40] C:\Program Files\AOL
[14/01/2008|23:13] C:\Program Files\Apoint2K
[28/11/2008|20:10] C:\Program Files\Apowersoft
[29/08/2008|16:51] C:\Program Files\Apple Software Update
[14/01/2008|23:11] C:\Program Files\Atheros
[27/06/2008|19:41] C:\Program Files\Audacity
[30/11/2008|10:19] C:\Program Files\AviSynth 2.5
[22/11/2008|23:50] C:\Program Files\Azureus
[17/12/2008|13:38] C:\Program Files\Bonjour
[17/12/2008|17:11] C:\Program Files\CCleaner
[29/08/2008|16:47] C:\Program Files\Common Files
[14/01/2008|23:18] C:\Program Files\CONEXANT
[14/01/2008|23:31] C:\Program Files\CyberLink
[03/11/2008|22:29] C:\Program Files\DAP
[19/07/2008|15:37] C:\Program Files\DivX
[08/05/2008|10:39] C:\Program Files\Electronic Arts
[30/07/2008|08:47] C:\Program Files\eMule
[30/11/2008|10:19] C:\Program Files\eRightSoft
[15/12/2008|12:43] C:\Program Files\FairUse Wizard 2
[08/05/2008|10:25] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[21/12/2008|20:16] C:\Program Files\FindyKill
[07/09/2008|19:35] C:\Program Files\Google
[17/12/2008|17:21] C:\Program Files\Grisoft
[14/01/2008|23:26] C:\Program Files\Hewlett-Packard
[10/12/2008|21:51] C:\Program Files\homeview
[08/09/2008|18:24] C:\Program Files\Hp
[14/01/2008|23:34] C:\Program Files\HP Games
[14/01/2008|23:26] C:\Program Files\HPQ
[08/05/2008|10:39] C:\Program Files\InstallShield Installation Information
[14/01/2008|23:16] C:\Program Files\Intel
[18/10/2008|12:39] C:\Program Files\Internet Explorer
[02/12/2008|22:42] C:\Program Files\iPod
[02/12/2008|22:43] C:\Program Files\iTunes
[01/12/2008|20:19] C:\Program Files\Java
[31/08/2008|09:19] C:\Program Files\Messenger Plus! Live
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[21/11/2007|06:45] C:\Program Files\Microsoft Office
[21/11/2007|06:46] C:\Program Files\Microsoft Works
[21/11/2007|06:45] C:\Program Files\Microsoft.NET
[21/11/2007|13:32] C:\Program Files\Movie Maker
[21/12/2008|20:27] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[02/11/2006|13:37] C:\Program Files\MSN
[11/05/2008|08:36] C:\Program Files\MSXML 4.0
[21/11/2007|06:32] C:\Program Files\muvee Technologies
[14/01/2008|23:15] C:\Program Files\NetWaiting
[08/05/2008|10:41] C:\Program Files\Online Services
[24/07/2008|11:33] C:\Program Files\PhotoFiltre
[23/05/2008|19:32] C:\Program Files\PhotoFiltre Studio
[02/12/2008|22:41] C:\Program Files\QuickTime
[24/08/2008|21:49] C:\Program Files\Real
[14/01/2008|23:14] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[02/12/2008|21:59] C:\Program Files\Safari
[10/12/2008|21:51] C:\Program Files\Setup
[20/12/2008|14:33] C:\Program Files\Trend Micro
[20/12/2008|14:11] C:\Program Files\Trojan Remover
[14/12/2008|23:26] C:\Program Files\Uninstall
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[01/08/2008|09:23] C:\Program Files\VideoLAN
[21/11/2007|06:09] C:\Program Files\Viewpoint
[21/11/2007|06:02] C:\Program Files\Windows Calendar
[21/11/2007|13:32] C:\Program Files\Windows Collaboration
[21/11/2007|06:02] C:\Program Files\Windows Defender
[21/11/2007|13:32] C:\Program Files\Windows Journal
[10/05/2008|20:14] C:\Program Files\Windows Live
[18/10/2008|12:39] C:\Program Files\Windows Mail
[11/05/2008|09:24] C:\Program Files\Windows Media Player
[08/05/2008|10:25] C:\Program Files\Windows NT
[21/11/2007|13:32] C:\Program Files\Windows Photo Gallery
[11/05/2008|09:24] C:\Program Files\Windows Sidebar
[22/08/2008|08:52] C:\Program Files\WinRAR
[17/12/2008|17:11] C:\Program Files\Yahoo!
[15/12/2008|13:27] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[01/06/2008|20:02] C:\Program Files\Common Files\Adobe
[21/11/2007|06:08] C:\Program Files\Common Files\AOL
[02/12/2008|22:42] C:\Program Files\Common Files\Apple
[21/11/2007|06:45] C:\Program Files\Common Files\DESIGNER
[21/11/2007|07:01] C:\Program Files\Common Files\InstallShield
[21/11/2007|07:14] C:\Program Files\Common Files\Java
[24/08/2008|11:32] C:\Program Files\Common Files\microsoft shared
[21/11/2007|06:32] C:\Program Files\Common Files\muvee Technologies
[19/07/2008|15:36] C:\Program Files\Common Files\PX Storage Engine
[24/08/2008|21:50] C:\Program Files\Common Files\Real
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[16/07/2008|15:56] C:\Program Files\Common Files\Symantec Shared
[21/11/2007|06:02] C:\Program Files\Common Files\System
[10/05/2008|20:14] C:\Program Files\Common Files\WindowsLiveInstaller
[24/08/2008|21:50] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 82 Processes )

iexplore.exe ~ [PID:4668]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 22:00:29
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\Windows\System32\
please note that you need administrator rights to perform deep scan

--------------------\\ Recherche d'autres infections


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{869207A1-D66B-4491-869C-06282567417D}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{869207A1-D66B-4491-869C-06282567417D}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{869207A1-D66B-4491-869C-06282567417D}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{8F14A6FA-C656-4E71-A0D2-FBCC4E130853}]
NameServer REG_SZ 85.255.115.116;85.255.112.169
==> WAREOUT <==

--------------------\\ Cracks & Keygens ..

C:\Users\Hana\Documents\Azureus Downloads\Spinto Band - Nice and Nicely Done\Nice and Nicely Done\06 Crack the Whip.mp3

[F:13][D:8]-> C:\Users\Hana\AppData\Local\Temp
[F:27][D:1]-> C:\Users\Hana\AppData\Roaming\MICROS~1\Windows\Cookies
[F:62][D:7]-> C:\Users\Hana\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 21/12/2008|22:00 - Option : [1]

--------------------\\ Fin du rapport a 22:00:46
[ UAC => 1 ]
0
Anonymous user
 
Hello,

Uninstall Toolbar S & D.

1) Download ATF Cleaner by Atribune.
Install it on the desktop. (Worth keeping, as it is very useful after every browsing session)

Double-click ATF-Cleaner.exe to launch the program.
--> On Vista: right-click / Run as administrator.
Still on Vista: uncheck the Prefetch box.
Under the Main tab, choose: Select All
Click the Empty Selected button
0
Kitchou
 
Hello!
There, it's done. What next?
0
Anonymous user
 
Didn't you get a report?
0
Anonymous user
 
Send HijackThis again, please.
0