Sujet Précédent Sujet Suivant

Virus

Résolu
ricco72 Messages postés 33 Statut Membre -  
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

voila j ai fait un malwarebytes anti-malware,il me trouve 3 infection que je n arrive pas a enlever.

voici le raport malware/

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1765
Windows 5.1.2600 Service Pack 2

17/02/2009 17:36:36
mbam-log-2009-02-17 (17-36-15).txt

Type de recherche: Examen rapide
Eléments examinés: 67366
Temps écoulé: 10 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

et le raport smitfraudfix:

SmitFraudFix v2.396

Rapport fait à 17:39:45,15, 17/02/2009
Executé à partir de C:\Documents and Settings\hp\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wscs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\hp\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\aich.exe
C:\WINDOWS\winlogox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\hp

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\hp\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\hp\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\hp\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 802.11b/g WLAN - Miniport d'ordonnancement de paquets
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B49E235E-A592-48CD-9501-97ABB5AACAA5}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B49E235E-A592-48CD-9501-97ABB5AACAA5}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B49E235E-A592-48CD-9501-97ABB5AACAA5}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

merci d avance pour votre aide^^.
A voir également:

47 réponses

Précédent
Réponse 21 / 47
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
 
Relance Lop S&D

* Choisis cette fois ci l'Option 2 (Suppression)

* Ne ferme pas la fenêtre lors de la suppression !

* Poste le rapport généré (C:\lopR.txt)
0
Réponse 22 / 47
ricco72 Messages postés 33 Statut Membre
 
voila:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3200+ )
BIOS : Ver 1.00PARTTBL
USER : hp ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.7.1098 [VPS 080731-0] 4.7.1098 (Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:10 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 17/02/2009|22:15 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\LICENSE ADMIN OPTION BIB\Great Amen.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\LICENSE ADMIN OPTION BIB\Great Amen.exe
Supprime! - C:\DOCUME~1\hp\APPLIC~1\oncedo~1\gplcornaudiobeep.exe
Supprime! - C:\DOCUME~1\hp\APPLIC~1\oncedo~1\Inside Readme.exe
Supprime! - C:\DOCUME~1\hp\APPLIC~1\oncedo~1\LongDoesMove.exe
Supprime! - C:\DOCUME~1\hp\APPLIC~1\oncedo~1\suyrupgs.exe
Supprime! - C:\DOCUME~1\hp\APPLIC~1\oncedo~1\uyebkydw.exe
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\DOCUME~1\hp\Cookies\hp@www.adserver5[1].txt
Supprime! - C:\DOCUME~1\hp\Cookies\hp@advertising[1].txt
Supprime! - C:\WINDOWS\Tasks\A83745A99188C0B1.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\LICENSE ADMIN OPTION BIB
Supprime! - C:\DOCUME~1\hp\APPLIC~1\oncedo~1
Supprime! - C:\Program Files\oncedo~1
Supprime! - C:\Program Files\Circle Developement

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[17/05/2005|04:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[17/05/2005|11:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[17/05/2005|04:03] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[17/05/2005|04:34] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[25/07/2007|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[11/08/2007|15:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[13/05/2007|17:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[11/08/2007|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[04/02/2009|23:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[17/03/2007|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Babylon
[21/12/2007|23:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bass
[22/12/2007|00:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
[07/02/2009|22:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[17/02/2009|13:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[17/05/2005|04:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpqwmi
[17/05/2005|04:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[16/02/2009|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[15/07/2008|22:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[29/08/2008|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
[29/08/2008|16:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
[22/12/2008|13:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[23/12/2007|00:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
[21/12/2007|23:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nikon
[17/05/2005|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[17/05/2005|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[07/02/2009|22:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25/12/2007|11:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[20/09/2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[11/08/2007|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/08/2008|20:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[10/03/2007|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[22/12/2007|00:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
[14/01/2007|15:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[19/09/2008|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[17/05/2005|04:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[17/05/2005|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[17/05/2005|04:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[17/05/2005|04:34] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[08/06/2008|14:20] C:\DOCUME~1\hp\APPLIC~1\Adobe
[31/03/2007|12:20] C:\DOCUME~1\hp\APPLIC~1\AdobeUM
[11/08/2007|15:56] C:\DOCUME~1\hp\APPLIC~1\AOL
[20/05/2007|13:52] C:\DOCUME~1\hp\APPLIC~1\Apple Computer
[04/02/2009|23:58] C:\DOCUME~1\hp\APPLIC~1\AVS4YOU
[17/03/2007|13:27] C:\DOCUME~1\hp\APPLIC~1\Babylon
[20/05/2007|10:49] C:\DOCUME~1\hp\APPLIC~1\CopyToDvd
[17/02/2009|02:30] C:\DOCUME~1\hp\APPLIC~1\EoRezo
[03/05/2008|18:18] C:\DOCUME~1\hp\APPLIC~1\FlySuite
[07/02/2009|22:54] C:\DOCUME~1\hp\APPLIC~1\Google
[17/02/2009|13:18] C:\DOCUME~1\hp\APPLIC~1\Grisoft
[15/11/2007|00:05] C:\DOCUME~1\hp\APPLIC~1\Help
[21/08/2007|13:21] C:\DOCUME~1\hp\APPLIC~1\Hotbar_Icons
[17/05/2005|11:51] C:\DOCUME~1\hp\APPLIC~1\Identities
[21/12/2007|23:50] C:\DOCUME~1\hp\APPLIC~1\InterTrust
[24/09/2006|18:53] C:\DOCUME~1\hp\APPLIC~1\InterVideo
[11/03/2008|01:34] C:\DOCUME~1\hp\APPLIC~1\ItsLabel
[25/10/2006|21:55] C:\DOCUME~1\hp\APPLIC~1\Leadertech
[11/11/2006|21:05] C:\DOCUME~1\hp\APPLIC~1\Macromedia
[16/02/2009|16:18] C:\DOCUME~1\hp\APPLIC~1\Malwarebytes
[07/09/2008|15:27] C:\DOCUME~1\hp\APPLIC~1\Microsoft
[05/09/2008|21:16] C:\DOCUME~1\hp\APPLIC~1\MSNInstaller
[23/12/2007|00:50] C:\DOCUME~1\hp\APPLIC~1\muvee Technologies
[21/12/2007|23:56] C:\DOCUME~1\hp\APPLIC~1\Nikon
[31/08/2008|19:37] C:\DOCUME~1\hp\APPLIC~1\Playrix Entertainment
[17/02/2009|21:57] C:\DOCUME~1\hp\APPLIC~1\Skype
[17/02/2009|18:16] C:\DOCUME~1\hp\APPLIC~1\skypePM
[25/10/2006|21:55] C:\DOCUME~1\hp\APPLIC~1\Sonic
[25/12/2007|12:10] C:\DOCUME~1\hp\APPLIC~1\Sony Corporation
[12/11/2006|16:07] C:\DOCUME~1\hp\APPLIC~1\Sun
[21/09/2006|14:03] C:\DOCUME~1\hp\APPLIC~1\Symantec
[07/01/2008|23:33] C:\DOCUME~1\hp\APPLIC~1\U3
[01/02/2008|22:41] C:\DOCUME~1\hp\APPLIC~1\vlc
[26/07/2008|19:22] C:\DOCUME~1\hp\APPLIC~1\V-Safe
[27/05/2007|21:48] C:\DOCUME~1\hp\APPLIC~1\Vso

[11/08/2007|15:19] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[11/08/2007|15:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[17/02/2009 21:23][--a------] C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[11/08/2007 15:30][--ah-----] C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[17/02/2009 21:52][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 09:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[21/12/2007|23:50] C:\Program Files\Adobe
[01/02/2009|15:47] C:\Program Files\Ahead
[11/08/2007|16:00] C:\Program Files\Alwil Software
[17/05/2005|04:13] C:\Program Files\AMD
[10/12/2006|00:44] C:\Program Files\AOL 9.0
[17/05/2005|04:03] C:\Program Files\ATI Technologies
[04/02/2009|23:57] C:\Program Files\AVS4YOU
[17/03/2007|13:27] C:\Program Files\Babylon
[17/02/2009|00:54] C:\Program Files\CCleaner
[17/05/2005|11:51] C:\Program Files\ComPlus Applications
[17/05/2005|02:54] C:\Program Files\CONEXANT
[23/05/2007|21:29] C:\Program Files\Deskshare
[11/08/2007|15:55] C:\Program Files\Easy Internet signup
[11/08/2007|15:23] C:\Program Files\Emoticons-plus.com
[25/10/2008|22:28] C:\Program Files\eMule
[17/02/2009|11:22] C:\Program Files\Enigma Software Group
[07/02/2009|22:39] C:\Program Files\Fichiers communs
[25/10/2006|22:03] C:\Program Files\Formation interactive Microsoft
[11/11/2006|21:05] C:\Program Files\Free
[16/02/2009|15:44] C:\Program Files\Google
[17/02/2009|13:18] C:\Program Files\Grisoft
[17/05/2005|04:14] C:\Program Files\Hewlett-Packard
[03/12/2006|01:24] C:\Program Files\Hits Collection
[17/05/2005|04:14] C:\Program Files\Hp
[05/09/2006|12:33] C:\Program Files\HPQ
[24/08/2007|18:09] C:\Program Files\IncrediMail
[25/12/2007|11:52] C:\Program Files\InstallShield Installation Information
[11/02/2009|13:46] C:\Program Files\Internet Explorer
[17/05/2005|04:28] C:\Program Files\InterVideo
[13/05/2007|17:39] C:\Program Files\iPod
[13/05/2007|17:39] C:\Program Files\iTunes
[17/05/2005|04:06] C:\Program Files\Java
[23/12/2007|00:41] C:\Program Files\Livre Album Fuji Photo
[16/02/2009|16:18] C:\Program Files\Malwarebytes' Anti-Malware
[04/09/2008|19:10] C:\Program Files\Messenger
[18/01/2009|10:23] C:\Program Files\Messenger Plus! Live
[11/05/2007|02:04] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/05/2005|11:51] C:\Program Files\microsoft frontpage
[21/10/2006|13:13] C:\Program Files\Microsoft Office
[07/09/2008|15:23] C:\Program Files\Microsoft SQL Server Compact Edition
[17/05/2005|04:17] C:\Program Files\Microsoft Works
[25/10/2006|21:43] C:\Program Files\MIT Admin
[17/05/2005|11:51] C:\Program Files\Movie Maker
[06/01/2007|23:59] C:\Program Files\MSN
[31/08/2008|22:56] C:\Program Files\MSN Games
[17/05/2005|11:51] C:\Program Files\MSN Gaming Zone
[03/02/2008|12:59] C:\Program Files\MSN Messenger
[19/11/2006|17:48] C:\Program Files\MSXML 4.0
[17/02/2009|21:55] C:\Program Files\Navilog1
[17/05/2005|11:51] C:\Program Files\NetMeeting
[21/12/2007|23:55] C:\Program Files\Nikon
[17/05/2005|11:51] C:\Program Files\Online Services
[12/03/2008|00:23] C:\Program Files\Outlook Express
[30/04/2008|23:12] C:\Program Files\PC Suite for MTV3.0
[06/10/2008|22:55] C:\Program Files\Picasa2
[13/05/2007|17:37] C:\Program Files\QuickTime
[11/08/2007|16:18] C:\Program Files\RegCleaner
[17/05/2005|04:31] C:\Program Files\Services en ligne
[07/02/2009|22:39] C:\Program Files\Skype
[28/04/2007|19:29] C:\Program Files\SLD Codec Pack
[25/12/2007|11:51] C:\Program Files\Sonic
[25/12/2007|11:45] C:\Program Files\Sony
[20/09/2008|21:53] C:\Program Files\SweetIM
[11/08/2007|15:47] C:\Program Files\Symantec
[17/05/2005|04:28] C:\Program Files\Synaptics
[17/05/2005|11:51] C:\Program Files\Uninstall Information
[01/02/2008|22:40] C:\Program Files\VideoLAN
[27/05/2007|21:48] C:\Program Files\VSO
[07/09/2008|19:02] C:\Program Files\Windows Live
[07/09/2008|15:26] C:\Program Files\Windows Live Favorites
[07/09/2008|15:26] C:\Program Files\Windows Live Toolbar
[04/02/2007|16:46] C:\Program Files\Windows Media Connect 2
[23/03/2008|22:10] C:\Program Files\Windows Media Player
[17/05/2005|11:51] C:\Program Files\Windows NT
[17/05/2005|11:51] C:\Program Files\WindowsUpdate
[16/02/2009|19:54] C:\Program Files\WinPcap
[17/05/2005|11:51] C:\Program Files\xerox
[11/08/2007|15:23] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[21/12/2007|23:50] C:\Program Files\Fichiers communs\Adobe
[11/08/2007|15:56] C:\Program Files\Fichiers communs\AOL
[21/01/2007|23:31] C:\Program Files\Fichiers communs\aolshare
[04/02/2009|23:38] C:\Program Files\Fichiers communs\AVSMedia
[17/05/2005|04:26] C:\Program Files\Fichiers communs\InstallShield
[17/05/2005|04:06] C:\Program Files\Fichiers communs\Java
[17/05/2005|04:33] C:\Program Files\Fichiers communs\LightScribe
[04/02/2009|23:24] C:\Program Files\Fichiers communs\Microsoft Shared
[17/05/2005|11:51] C:\Program Files\Fichiers communs\MSSoap
[21/12/2007|23:56] C:\Program Files\Fichiers communs\muvee Technologies
[15/03/2008|23:09] C:\Program Files\Fichiers communs\Nero
[21/12/2007|23:56] C:\Program Files\Fichiers communs\Nikon
[17/05/2005|11:51] C:\Program Files\Fichiers communs\ODBC
[21/01/2007|23:23] C:\Program Files\Fichiers communs\Services
[07/02/2009|22:39] C:\Program Files\Fichiers communs\Skype
[17/05/2005|04:24] C:\Program Files\Fichiers communs\Sonic Shared
[17/05/2005|11:51] C:\Program Files\Fichiers communs\SpeechEngines
[17/05/2005|04:26] C:\Program Files\Fichiers communs\SureThing Shared
[11/08/2007|15:50] C:\Program Files\Fichiers communs\Symantec Shared
[12/03/2008|02:23] C:\Program Files\Fichiers communs\System
[17/05/2005|04:25] C:\Program Files\Fichiers communs\TiVo Shared
[02/02/2008|21:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[10/03/2007|15:04] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 43 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 22:17:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 838

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\hp\Bureau\PHOTOS 7\Crack
C:\DOCUME~1\hp\Bureau\PHOTOS 7\Crack\keygen.exe

[F:2][D:1]-> C:\DOCUME~1\hp\LOCALS~1\Temp
[F:51][D:0]-> C:\DOCUME~1\hp\Cookies
[F:1341][D:7]-> C:\DOCUME~1\hp\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 17/02/2009|22:10 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 17/02/2009|22:18 - Option : [2]

--------------------\\ Fin du rapport a 22:18:59
0
Réponse 23 / 47
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
 
Bien.

Il est temps de faire un Hijackthis pour faire le point.
On a déjà nettoyé beaucoup de choses mais je pense qu'il en reste.

Télécharge le fichier d’installation d’Hijackthis en cliquant sur ce lien

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

* Enregistre HJTInstall.exe sur ton bureau.

* Double-clique sur HJTInstall.exe pour lancer le programme

Tuto : https://www.malekal.com/tutoriel-hijackthis/
http://pagesperso-orange.fr/rginformatique/section%20virus/Hijenr.gif
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

* Accepte la license en cliquant sur le bouton "I Accept"
* Choisis l'option "Do a system scan and save a log file"
* Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
* Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

* Colle le rapport que tu viens de copier sur ce forum
0
Réponse 24 / 47
ricco72 Messages postés 33 Statut Membre
 
voila:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:33, on 17/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wscs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Documents and Settings\hp\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\aich.exe
C:\WINDOWS\winlogox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\hp\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\hp\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [Window UDP Control Servic] winlogox.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\system32\aich.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10811} (FlyLoader Class) - http://www.flysuite.com/flyword/loaderword_win_fr.cab
O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Formation interactive Microsoft\o10c\mitm0026.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Windows Server Colocation Service (WSCS) - Unknown owner - C:\WINDOWS\system32\wscs.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 47
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
 
Télécharge de AD-Remover de Cyrildu17 / C_XX) sur ton Bureau.

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Déconnecte-toi et ferme toutes applications en cours /!\

- Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
- Double-clique sur l'icône Ad-remover située sur ton Bureau.
- Au menu principal, choisis l'option "A".
- Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note :

"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 26 / 47
ricco72 Messages postés 33 Statut Membre
 
bon je part au travaille,mais j ai internet et j emmene le portable la bas^^.

je re dans 30 minutes(en esperant que tu serat encore la^^)

merci encore
0
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
 
Non, on continuera demain si tu veux bien.
0
Réponse 27 / 47
ricco72 Messages postés 33 Statut Membre
 
hello,

donc voila le rapport^^:

------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

Start at: 22:38:34 | Mar 17/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: YOUR-F14AC45099
Current User: hp - Administrator
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: FAT32)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 43

+-----------------| Boonty/Boonty Games Elements Found:

.
.

+-----------------| Eorezo Elements Found:

HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
.
C:\Documents and Settings\hp\Application Data\EoRezo
C:\Documents and Settings\hp\Application Data\EoRezo\db
C:\Documents and Settings\hp\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\hp\Application Data\EoRezo\eoStats
C:\Documents and Settings\hp\Application Data\EoRezo\EoWeather
C:\Documents and Settings\hp\Application Data\EoRezo\SoftwareUpdate
C:\Documents and Settings\hp\Application Data\EoRezo\EoWeather\images
C:\Documents and Settings\hp\Application Data\EoRezo\EoWeather\images_classic
C:\Documents and Settings\hp\Application Data\EoRezo\EoWeather\images_station_meteo
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-0CBF35C0.pf
C:\Documents and Settings\hp\Cookies\hp@eorezo[1].txt

+-----------------| Infected Poker Softwares Elements Found:

.

+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

HKCU\Software\ItsLabel
HKU\S-1-5-21-3510996960-2309870213-933965502-1006\Software\ItsLabel
.
C:\Documents and Settings\hp\Application Data\ItsLabel
C:\Documents and Settings\hp\Application Data\ItsLabel\ItsTV

+-----------------| Sweetim Elements Found:

HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCR\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
HKCR\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.3
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKCR\Toolbar3.SWEETIE
HKCR\Toolbar3.SWEETIE.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKCU\Software\SWEETIE
HKCU\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\MediaPlayer.GraphicsUtils
HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1
HKLM\Software\Classes\MgMediaPlayer.GifAnimator
HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1
HKLM\Software\Classes\SWEETIE.IEToolbar
HKLM\Software\Classes\SWEETIE.IEToolbar.1
HKLM\Software\Classes\SWEETIE.SWEETIE
HKLM\Software\Classes\SWEETIE.SWEETIE.3
HKLM\Software\Classes\Toolbar3.SWEETIE
HKLM\Software\Classes\Toolbar3.SWEETIE.1
HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKLM\Software\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKLM\Software\Microsoft\ESENT\Process\SweetIM
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\SweetIM
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\Installer\Products\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\Software\Classes\Installer\Products\428C9AFC877ABE7409DCBBD48BC23F84
HKCU\SOFTWARE\Microsoft\Installer\Products\5D72AF385B5242D47B69FD47F2805AFC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\351716A953E21214898904032EAE2E81
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\397C771A7BCAC904697C3EC629ED33ED
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Products\5D72AF385B5242D47B69FD47F2805AFC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\A189D17A469616C4688D23E192996267
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\D15DAF33C220F91468A1D7D57C31ACD7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\D3BA76A44C779424889063D5098ED2D6
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\D6D0EB9FDBD90C04D92A7E729058F10D
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\E4748F9A4181FCE46A23C13B517B9420
.
C:\WINDOWS\Installer\d7a3af.msi
C:\WINDOWS\Installer\d7a3c7.msi
C:\Program Files\SweetIM
C:\Program Files\SweetIM\Messenger
C:\Program Files\SweetIM\Toolbars
C:\Program Files\SweetIM\Messenger\resources
C:\Program Files\SweetIM\Messenger\resources\images
C:\Program Files\SweetIM\Toolbars\Internet Explorer
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources
C:\WINDOWS\Installer\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
C:\Documents and Settings\All Users\Application Data\SweetIM
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\logs
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\update
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\danyminogue@live.fr
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\rue.melina@hotmail.fr
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\conf\users\selenouille-th@hotmail.fr
C:\Documents and Settings\All Users\Application Data\SweetIM\Messenger\data\contentdb
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer
C:\Documents and Settings\All Users\Application Data\SweetIM\Toolbars\Internet Explorer\cache
C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf

+-----------------| Added Scan:

---- Internet Explorer Version 7.0.5730.13 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-3510996960-2309870213-933965502-1006\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~15152 Bytes] - "C:\Ad-Report-Scan-17.02.2009.log"
-

End at: 23:40:36 | 17/02/2009
.
+-----------------| E.O.F - 210 Lines
.
0
Réponse 28 / 47
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
 
Relance "Ad-remover" : au menu principal choisi l'option "B" .

A l'écran de sélection choisis le chiffre à gauche de ces lignes en validant par ENTREE à chaque fois :

Suppression Eorezo
Suppression Sweetim
Suppression It's TV

Puis choisis "S", le programme va travailler,

Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide

0
Réponse 29 / 47
ricco72 Messages postés 33 Statut Membre
 
voila le rapport:

------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

Updated by C_XX on 15/02/2009 at 10:20

*** LIMITED TO ***

Eorezo
Sweetim
It's TV

******************

Start at: 12:45:25 | Mer 18/02/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: YOUR-F14AC45099
Current User: hp - Administrator
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 46

(!) ---- IE start pages/Tabs reset

+-----------------| Eorezo Elements Deleted :

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
.
C:\Documents and Settings\hp\Application Data\EoRezo
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-0CBF35C0.pf
C:\Documents and Settings\hp\Cookies\hp@eorezo[1].txt

+-----------------| It's TV Elements Deleted :

HKCU\Software\ItsLabel
.
C:\Documents and Settings\hp\Application Data\ItsLabel

+-----------------| Sweetim Elements Deleted :

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCR\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
HKCR\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.3
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKCR\Toolbar3.SWEETIE
HKCR\Toolbar3.SWEETIE.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKCU\Software\SWEETIE
HKCU\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\ESENT\Process\SweetIM
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\SweetIM
HKCR\Installer\Products\428C9AFC877ABE7409DCBBD48BC23F84
HKCU\SOFTWARE\Microsoft\Installer\Products\5D72AF385B5242D47B69FD47F2805AFC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\351716A953E21214898904032EAE2E81
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\397C771A7BCAC904697C3EC629ED33ED
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Products\5D72AF385B5242D47B69FD47F2805AFC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\A189D17A469616C4688D23E192996267
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\D15DAF33C220F91468A1D7D57C31ACD7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\D3BA76A44C779424889063D5098ED2D6
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\D6D0EB9FDBD90C04D92A7E729058F10D
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-3510996960-2309870213-933965502-1006\Components\E4748F9A4181FCE46A23C13B517B9420
.
C:\WINDOWS\Installer\d7a3af.msi
C:\WINDOWS\Installer\d7a3c7.msi
/!\ NOT DELETED - C:\Program Files\SweetIM
/!\ NOT DELETED - C:\Program Files\SweetIM\Messenger
/!\ NOT DELETED - C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
/!\ NOT DELETED - C:\Program Files\SweetIM\Messenger\msvcr71.dll
C:\WINDOWS\Installer\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
C:\Documents and Settings\All Users\Application Data\SweetIM
C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

************* /!\ FILE(S)/FOLDER(S) NOT DELETED /!\ *************

"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"

Second run ...

DELETED ! - "C:\Program Files\SweetIM\Messenger"
DELETED ! - "C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
DELETED ! - "C:\Program Files\SweetIM\Messenger\msvcr71.dll"

+-----------------| Added Scan :

---- Internet Explorer Version 7.0.5730.13 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-3510996960-2309870213-933965502-1006\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~12411 Bytes] - "C:\Ad-Report-Clean-18.02.2009.log"
[~15286 Bytes] - "C:\Ad-Report-Scan-17.02.2009.log"
-

End at: 12:49:26 | 18/02/2009
.
+-----------------| E.O.F - 170 Lines
.
0
Réponse 30 / 47
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
 
OK
Fais un nouvel Hijackthis stp.
0
Réponse 31 / 47
ricco72 Messages postés 33 Statut Membre
 
re coucou^^

voila:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:12, on 18/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wscs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\winlogox.exe
C:\WINDOWS\system32\aich.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\hp\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [Window UDP Control Servic] winlogox.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\system32\aich.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10811} (FlyLoader Class) - http://www.flysuite.com/flyword/loaderword_win_fr.cab
O16 - DPF: {6F74F92E-8DD8-4DDE-8FB8-CBB882A68048} (Microsoft Office XP Professional Step by Step Interactive) - file://C:\Program Files\Formation interactive Microsoft\o10c\mitm0026.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Windows Server Colocation Service (WSCS) - Unknown owner - C:\WINDOWS\system32\wscs.exe
0
Réponse 32 / 47
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
 
Télécharge SDFix sur ton bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

--->Double-clique sur SDFix.exe et choisis "Install" .

( tuto ici : https://www.malekal.com/slenfbot-still-an-other-irc-bot/ )

Puis une fois l'installe faite, redémarre en mode sans échec .

Comment aller en Mode sans échec :
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
--->Tapes Y pour lancer le script ...
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presse une touche pour redémarrer quand il te le sera demandé .

Le PC va mettre du temps avant de démarrer ( c'est normal), après le chargement du Bureau presse une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
Poste ce dernier dans ta prochaine réponse.
0
Réponse 33 / 47
ricco72 Messages postés 33 Statut Membre
 
voila:

[b]SDFix: Version 1.240 [/b]
Run by hp on 18/02/2009 at 18:30

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\autorun.inf - Deleted

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-18 18:42:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000cc

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL France"
"C:\\Documents and Settings\\hp\\Bureau\\emule.exe"="C:\\Documents and Settings\\hp\\Bureau\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\hp\\Bureau\\incredimail_install.exe"="C:\\Documents and Settings\\hp\\Bureau\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Documents and Settings\\hp\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe"="C:\\Documents and Settings\\hp\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"="C:\\Program Files\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\wscs.exe"="C:\\WINDOWS\\system32\\wscs.exe:*:Enabled:WSCS"
"C:\\WINDOWS\\system32\\winIogon.exe"="C:\\WINDOWS\\system32\\winIogon.exe:*:Enabled:winIogon"
"C:\\WINDOWS\\system32\\gkriz.exe"="C:\\WINDOWS\\system32\\gkriz.exe:*:Disabled:gkriz"
"C:\\WINDOWS\\system32\\yihjk.exe"="C:\\WINDOWS\\system32\\yihjk.exe:*:Enabled:Promo"
"C:\\WINDOWS\\system32\\trhw.exe"="C:\\WINDOWS\\system32\\trhw.exe:*:Disabled:trhw"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 16 Feb 2009 106,748 ..SHR --- "C:\32agsg.exe"
Fri 16 Jan 2009 106,047 ..SHR --- "C:\982um3s9.exe"
Mon 2 Feb 2009 109,930 ..SHR --- "C:\a2h2.com"
Wed 21 Jan 2009 108,869 ..SHR --- "C:\gy.exe"
Sat 24 Jan 2009 105,335 ..SHR --- "C:\imo.exe"
Tue 10 Feb 2009 109,724 ..SHR --- "C:\opgde.exe"
Wed 4 Feb 2009 108,705 ..SHR --- "C:\pook.com"
Fri 23 Jan 2009 107,882 ..SHR --- "C:\w98.com"
Fri 16 Jan 2009 110,003 ..SHR --- "C:\x2csvg.exe"
Wed 11 Feb 2009 45,056 ..SHR --- "C:\WINDOWS\winlogox.exe"
Mon 6 Oct 2008 6,108,728 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 16 Feb 2009 84,992 ..SHR --- "C:\WINDOWS\system32\kav320.dll"
Mon 16 Feb 2009 84,992 ..SHR --- "C:\WINDOWS\system32\kav321.dll"
Wed 11 Feb 2009 95,744 ..SHR --- "C:\WINDOWS\system32\nmdfgds0.dll"
Tue 10 Feb 2009 95,744 ..SHR --- "C:\WINDOWS\system32\nmdfgds1.dll"
Wed 18 Feb 2009 90,112 ..SHR --- "C:\WINDOWS\system32\optyhww0.dll"
Wed 18 Feb 2009 90,112 ..SHR --- "C:\WINDOWS\system32\optyhww1.dll"
Mon 16 Feb 2009 106,748 ..SHR --- "C:\WINDOWS\system32\urretnd.exe"
Wed 11 Feb 2009 92,280 ..SHR --- "C:\WINDOWS\system32\wscs.exe"
Sun 14 Jan 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 4 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 22 Mar 2007 25,088 A..H. --- "C:\Documents and Settings\hp\Mes documents\POEMES DE DANY\POEMES 2007\~WRL0002.tmp"
Sat 8 Sep 2007 25,088 A..H. --- "C:\Documents and Settings\hp\Mes documents\POEMES DE DANY\POEMES 2007\~WRL0675.tmp"
Sat 8 Sep 2007 25,088 A..H. --- "C:\Documents and Settings\hp\Mes documents\POEMES DE DANY\POEMES 2007\~WRL0744.tmp"
Thu 22 Mar 2007 25,088 A..H. --- "C:\Documents and Settings\hp\Mes documents\POEMES DE DANY\POEMES 2007 2\~WRL0002.tmp"
Sat 8 Sep 2007 25,088 A..H. --- "C:\Documents and Settings\hp\Mes documents\POEMES DE DANY\POEMES 2007 2\~WRL0675.tmp"
Sat 8 Sep 2007 25,088 A..H. --- "C:\Documents and Settings\hp\Mes documents\POEMES DE DANY\POEMES 2007 2\~WRL0744.tmp"

[b]Finished![/b]
0
Réponse 34 / 47
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
 
Bon.
Où en es-tu par rapport au problème de départ ?
Comment se comporte le PC ?
0
Réponse 35 / 47
ricco72 Messages postés 33 Statut Membre
 
ben ca a plus rien a voir^^

il es plus rapide c super^^

mais mon rapport malwarebytes detecte les meme virus:(
0
Réponse 36 / 47
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
 
Tu peux refaire MBAM et poster le rapport stp.
0
Réponse 37 / 47
ricco72 Messages postés 33 Statut Membre
 
j m en doutait^^

voila:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1765
Windows 5.1.2600 Service Pack 2

18/02/2009 19:07:28
mbam-log-2009-02-18 (19-07-17).txt

Type de recherche: Examen rapide
Eléments examinés: 65431
Temps écoulé: 4 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 38 / 47
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
 
OK, Donc, quand tu es dans MBAM, il faut cliquer sur suppression ? pour éliminer les éléments actuellement marqués : no action taken.
0
Réponse 39 / 47
ricco72 Messages postés 33 Statut Membre
 
je l avait fait avant ca fait rien^^

mais voila j vien de le reffaire:
voila le rapport:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1765
Windows 5.1.2600 Service Pack 2

18/02/2009 20:02:43
mbam-log-2009-02-18 (20-02-43).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 131971
Temps écoulé: 41 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 40 / 47
toptitbal Messages postés 26224 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 232
 
Voila, cette fois, ils sont bien supprimés.

On va faire un nettoyage du registre, il doit y avoir du ménage à faire :

* Télécharge CCleaner.
(attention à l'installation penser à DECOCHER l'installation de Yahoo toolbar discrètement proposé en plus de CCleaner).

https://www.pcastuces.com/logitheque/ccleaner.htm
https://www.commentcamarche.net/telecharger/ 168 ccleaner

Installe le dans un répertoire dédié.

Décoche pendant l'installation

--- les deux cases "Ajouter l'option ... "
--- Contrôler les mises à jour

* Lance Ccleaner pour un nettoyage complet :

Déconnecte-toi et ferme toutes les applications en cours
* va dans "nettoyeur" : fait analyse puis nettoyage
* va dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

Tutorial ici :
https://kerio.probb.fr/
https://www.malekal.com/tutoriel-ccleaner/
ET
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
Site pour regarder animé sans virus
ShaylahScarlet -
bendrop -

1 réponse