Possibly infected?

Resolved/Closed
NeSs_1 Posts 131 Registration date Saturday 22 September 2007 Status Member Last activity 12 May 2009 - 22 March 2009 at 12:39
NeSs_1 Posts 131 Registration date Saturday 22 September 2007 Status Member Last activity 12 May 2009 - 23 March 2009 at 19:19
Hello,

so two days ago AntiVir found worm/mabezat, then today EXP/ASF.GetCodec.Gen twice. I'm a bit worried; to be on the safe side I'm going to paste a HijackThis report for you =).

18 replies

Anonymous user
22 March 2009 at 12:41
Don't really listen to Avira; I've heard it sometimes talks nonsense.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
22 March 2009 at 12:41
hi,

run this tool dedicated to mabezat by clicking the link, and say whether it finds any infections

http://download.softpedia.com/dl/c702c48200d26886cc6e0fb8c1b90823/49c623b6/100105652/software/antivirus/rmmabez.exe

______________


download Lop S&D.exe to your Desktop. https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
______________

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).

NB: The reports are saved in the C:\rsit folder
0
NeSs_1 Posts 131 Registration date Saturday 22 September 2007 Status Member Last activity 12 May 2009 9
22 March 2009 at 14:53
I ran the tool dedicated to mabezat; I think there is nothing, only at the end it tells me this:

one or more files failed to scan or clean

I'm running Lop S&D.exe now, I'll keep you posted on what comes next =).
0
NeSs_1 Posts 131 Registration date Saturday 22 September 2007 Status Member Last activity 12 May 2009 9
22 March 2009 at 15:12
here is the report:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU 2140 @ 1.60GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : GUERGOURI ( Not Administrator ! )
BOOT : Normal boot
Firewall : ZoneAlarm Firewall 7.1.254.000 (Activated)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:39 Go)
D:\ (Local Disk) - NTFS - Total:111 Go (Free:55 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 22/03/2009|15:07 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[24/11/2007|06:10] C:\Users\GUERGO~1\AppData\Local\Acer Arcade Live
[10/03/2009|11:29] C:\Users\GUERGO~1\AppData\Local\Adobe
[10/12/2007|22:42] C:\Users\GUERGO~1\AppData\Local\Ahead
[07/03/2008|19:14] C:\Users\GUERGO~1\AppData\Local\Apple
[01/04/2008|19:10] C:\Users\GUERGO~1\AppData\Local\Apple Computer
[18/08/2007|16:56] C:\Users\GUERGO~1\AppData\Local\Application Data
[22/03/2009|10:12] C:\Users\GUERGO~1\AppData\Local\ApplicationHistory
[24/08/2007|14:30] C:\Users\GUERGO~1\AppData\Local\ATI
[23/08/2007|09:25] C:\Users\GUERGO~1\AppData\Local\CyberLink
[21/08/2007|13:55] C:\Users\GUERGO~1\AppData\Local\d3d8caps.dat
[20/03/2009|19:25] C:\Users\GUERGO~1\AppData\Local\d3d9caps.dat
[15/03/2009|17:42] C:\Users\GUERGO~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[23/08/2007|09:26] C:\Users\GUERGO~1\AppData\Local\DVDivine
[09/09/2007|11:38] C:\Users\GUERGO~1\AppData\Local\eMule
[08/09/2007|20:29] C:\Users\GUERGO~1\AppData\Local\fusioncache.dat
[15/03/2009|16:29] C:\Users\GUERGO~1\AppData\Local\GameSpy
[15/03/2009|17:38] C:\Users\GUERGO~1\AppData\Local\GDIPFONTCACHEV1.DAT
[11/03/2009|22:05] C:\Users\GUERGO~1\AppData\Local\Google
[18/08/2007|16:56] C:\Users\GUERGO~1\AppData\Local\Historique
[23/08/2007|09:25] C:\Users\GUERGO~1\AppData\Local\HomeMedia
[21/03/2009|21:06] C:\Users\GUERGO~1\AppData\Local\IconCache.db
[05/02/2009|19:12] C:\Users\GUERGO~1\AppData\Local\Microsoft
[30/01/2008|21:36] C:\Users\GUERGO~1\AppData\Local\Microsoft Games
[03/01/2008|16:56] C:\Users\GUERGO~1\AppData\Local\Mozilla
[10/12/2007|22:29] C:\Users\GUERGO~1\AppData\Local\Nero
[20/03/2009|21:32] C:\Users\GUERGO~1\AppData\Local\Paint.NET
[18/08/2007|16:58] C:\Users\GUERGO~1\AppData\Local\PowerCinema
[22/03/2009|15:05] C:\Users\GUERGO~1\AppData\Local\Temp
[18/08/2007|16:56] C:\Users\GUERGO~1\AppData\Local\Temporary Internet Files
[23/08/2007|09:25] C:\Users\GUERGO~1\AppData\Local\VideoMagician
[27/08/2007|17:29] C:\Users\GUERGO~1\AppData\Local\VirtualStore
[03/11/2007|15:38] C:\Users\GUERGO~1\AppData\Local\Windows Live Writer

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[22/03/2009 14:34][--a------] C:\Windows\tasks\Google Software Updater.job
[22/03/2009 15:05][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{5D614B23-C671-44B6-ADEF-2EE2BFD02B96}.job
[20/03/2009 20:00][--a------] C:\Windows\tasks\Norton Internet Security - Analyse système complète - GUERGOURI.job
[22/03/2009 10:11][--ah-----] C:\Windows\tasks\SA.DAT
[21/03/2009 21:06][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[20/04/2007|10:33] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[03/01/2008|13:46] C:\ProgramData\addr_file.html
[10/03/2009|11:29] C:\ProgramData\Adobe
[07/03/2008|19:13] C:\ProgramData\Apple
[07/05/2008|12:18] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[23/11/2007|23:01] C:\ProgramData\ATI
[08/05/2008|21:26] C:\ProgramData\Azureus
[18/08/2007|16:54] C:\ProgramData\Bureau
[03/01/2008|22:20] C:\ProgramData\CheckPoint
[20/04/2007|10:51] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[09/09/2007|11:38] C:\ProgramData\eMule
[21/08/2007|14:46] C:\ProgramData\EPSON
[23/08/2007|13:34] C:\ProgramData\eSobi
[10/03/2009|20:13] C:\ProgramData\ezsidmv.dat
[18/08/2007|16:54] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[11/03/2009|21:56] C:\ProgramData\Google
[21/03/2009|19:16] C:\ProgramData\Google Updater
[19/09/2007|22:11] C:\ProgramData\Grisoft
[18/08/2007|16:49] C:\ProgramData\GTek
[11/11/2008|11:30] C:\ProgramData\InstallShield
[18/08/2007|16:48] C:\ProgramData\Intel
[03/10/2007|13:08] C:\ProgramData\Kaspersky Lab
[22/09/2007|21:40] C:\ProgramData\Kaspersky Lab Setup Files
[21/11/2007|19:09] C:\ProgramData\LightScribe
[19/10/2008|12:04] C:\ProgramData\Malwarebytes
[11/11/2007|18:01] C:\ProgramData\Media Center Programs
[18/08/2007|16:54] C:\ProgramData\Menu Démarrer
[27/09/2007|20:13] C:\ProgramData\Messenger Plus!
[26/09/2008|10:31] C:\ProgramData\Microsoft
[09/12/2008|23:55] C:\ProgramData\Microsoft Help
[18/08/2007|16:54] C:\ProgramData\Modèles
[05/01/2008|20:15] C:\ProgramData\Nero
[21/11/2007|19:09] C:\ProgramData\NtiDvdCopy
[27/09/2008|09:04] C:\ProgramData\ntuser.pol
[10/03/2009|20:09] C:\ProgramData\Skype
[22/03/2009|12:43] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:02] C:\ProgramData\Start Menu
[24/09/2007|12:47] C:\ProgramData\Symantec
[02/11/2006|14:02] C:\ProgramData\Templates
[21/08/2007|14:52] C:\ProgramData\UDL
[19/11/2008|14:17] C:\ProgramData\WindowsSearch
[26/09/2008|11:28] C:\ProgramData\WLInstaller

--------------------\\ Listing des dossiers dans C:\Program Files

[21/08/2007|14:50] C:\Program Files\ABBYY FineReader 6.0 Sprint
[20/04/2007|10:50] C:\Program Files\Acer Arcade Live
[18/08/2007|17:02] C:\Program Files\Acer Inc
[20/04/2007|10:33] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[15/03/2009|16:39] C:\Program Files\Adobe
[31/10/2008|13:06] C:\Program Files\Adobe Media Player
[03/10/2007|12:38] C:\Program Files\Alwil Software
[24/08/2007|14:21] C:\Program Files\ATI
[23/11/2007|22:56] C:\Program Files\ATI Technologies
[23/11/2007|21:04] C:\Program Files\ATI Technologies(345)
[03/01/2008|13:32] C:\Program Files\Avira
[07/03/2008|19:15] C:\Program Files\Bonjour
[15/03/2009|17:35] C:\Program Files\CCleaner
[10/03/2009|20:09] C:\Program Files\Common Files
[20/04/2007|10:48] C:\Program Files\CyberLink
[25/10/2008|10:09] C:\Program Files\DivX
[30/06/2008|11:53] C:\Program Files\eMule
[21/08/2007|14:51] C:\Program Files\epson
[20/04/2007|10:55] C:\Program Files\eSobi
[18/08/2007|16:54] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[08/09/2007|20:12] C:\Program Files\GameSpy
[12/03/2009|07:48] C:\Program Files\Google
[10/01/2009|21:21] C:\Program Files\Have Any Dream
[01/09/2007|10:30] C:\Program Files\Hercules
[22/03/2009|12:15] C:\Program Files\Incomplete
[05/03/2009|19:33] C:\Program Files\InstallShield Installation Information
[18/08/2007|16:48] C:\Program Files\Intel
[08/02/2009|17:11] C:\Program Files\Internet Explorer
[05/12/2008|18:51] C:\Program Files\Java
[15/03/2009|17:26] C:\Program Files\JRE
[21/08/2007|17:12] C:\Program Files\Lame MP3 Codec
[15/12/2007|13:53] C:\Program Files\Lavalys
[22/06/2008|20:10] C:\Program Files\Lavasoft
[22/03/2009|12:48] C:\Program Files\LimeWire
[15/03/2009|17:06] C:\Program Files\Malwarebytes' Anti-Malware
[11/02/2009|18:46] C:\Program Files\Messenger Plus! Live
[15/03/2009|17:54] C:\Program Files\Microsoft
[04/09/2007|11:06] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[30/03/2008|12:54] C:\Program Files\Microsoft Office
[05/03/2009|21:27] C:\Program Files\Microsoft Silverlight
[03/11/2007|15:39] C:\Program Files\Microsoft SQL Server Compact Edition
[10/09/2008|12:03] C:\Program Files\Microsoft Works
[20/04/2007|10:31] C:\Program Files\Microsoft.NET
[23/03/2008|14:02] C:\Program Files\Movie Maker
[16/03/2009|19:18] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[18/08/2007|17:09] C:\Program Files\MSXML 4.0
[20/04/2007|10:40] C:\Program Files\NewTech Infosystems
[15/03/2009|17:26] C:\Program Files\OpenOffice.org 2.4
[15/03/2009|17:26] C:\Program Files\OpenOffice.org 3
[26/08/2007|12:38] C:\Program Files\OrangeHSS
[28/08/2008|10:27] C:\Program Files\Paint.NET
[21/03/2009|20:24] C:\Program Files\PKR
[11/06/2008|18:17] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[10/03/2009|20:09] C:\Program Files\Skype
[30/03/2008|12:23] C:\Program Files\SolidWorks EE 2002-2003
[30/03/2008|13:05] C:\Program Files\SolidWorks EE 2002-2003 (2)
[15/03/2009|19:50] C:\Program Files\Spybot - Search & Destroy
[15/03/2009|18:46] C:\Program Files\The KMPlayer
[24/09/2007|11:55] C:\Program Files\Trend Micro
[02/11/2007|15:17] C:\Program Files\TryMedia
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[22/08/2007|09:29] C:\Program Files\USB Disk Win98 Driver
[01/09/2007|12:48] C:\Program Files\VideoLAN
[14/02/2009|20:11] C:\Program Files\VoipBuster.com
[23/03/2008|14:02] C:\Program Files\Windows Calendar
[23/03/2008|14:02] C:\Program Files\Windows Collaboration
[23/03/2008|14:02] C:\Program Files\Windows Defender
[23/03/2008|14:02] C:\Program Files\Windows Journal
[20/03/2009|19:13] C:\Program Files\Windows Live
[27/09/2008|13:46] C:\Program Files\Windows Live Safety Center
[15/03/2009|17:50] C:\Program Files\Windows Live SkyDrive
[12/03/2009|13:11] C:\Program Files\Windows Mail
[12/03/2009|13:11] C:\Program Files\Windows Media Player
[18/08/2007|16:54] C:\Program Files\Windows NT
[23/03/2008|14:02] C:\Program Files\Windows Photo Gallery
[23/03/2008|14:02] C:\Program Files\Windows Sidebar
[15/03/2009|19:50] C:\Program Files\WinRAR
[15/03/2009|18:38] C:\Program Files\XnView2
[21/08/2007|17:11] C:\Program Files\XviD
[03/01/2008|22:20] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[10/03/2009|11:28] C:\Program Files\Common Files\Adobe
[31/10/2008|13:06] C:\Program Files\Common Files\Adobe AIR
[21/08/2007|15:26] C:\Program Files\Common Files\ArcSoft
[30/03/2008|12:54] C:\Program Files\Common Files\DESIGNER
[26/08/2007|12:35] C:\Program Files\Common Files\France Telecom
[10/08/2008|14:55] C:\Program Files\Common Files\INCA Shared
[21/08/2007|14:54] C:\Program Files\Common Files\InstallShield
[18/08/2007|16:48] C:\Program Files\Common Files\Intel
[04/09/2007|16:14] C:\Program Files\Common Files\Java
[20/04/2007|10:39] C:\Program Files\Common Files\LightScribe
[05/03/2009|18:01] C:\Program Files\Common Files\microsoft shared
[20/04/2007|10:39] C:\Program Files\Common Files\muvee Technologies
[20/04/2007|10:40] C:\Program Files\Common Files\NewTech Infosystems
[13/01/2008|17:35] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[10/03/2009|20:09] C:\Program Files\Common Files\Skype
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[22/08/2007|09:29] C:\Program Files\Common Files\SWF Studio
[24/09/2007|12:51] C:\Program Files\Common Files\Symantec Shared
[23/03/2008|14:02] C:\Program Files\Common Files\System
[26/09/2008|10:32] C:\Program Files\Common Files\Windows Live
[26/09/2008|11:30] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 83 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 15:08:02
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 2195

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\GUERGO~1\AppData\Roaming\Azureus\torrents\Adobe_Photoshop__CS3__Extended___Crack_.3967056.TPB.torrent


[F:923][D:15]-> C:\Users\GUERGO~1\AppData\Local\Temp
[F:4][D:1]-> C:\Users\GUERGO~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:22][D:4]-> C:\Users\GUERGO~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:27][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 22/03/2009|15:10 - Option : [1]

--------------------\\ Fin du rapport a 15:10:30
[ UAC => 1 ]

0

NeSs_1 Posts 131 Registration date Saturday 22 September 2007 Status Member Last activity 12 May 2009 9
22 March 2009 at 15:44
here are the two other reports, I'm waiting for your reply =) thanks for the help:

1st report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by GUERGOURI at 2009-03-22 15:32:00
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 40 GB (35%) free of 114 GB
Total RAM: 2046 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:35, on 22/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\USB Disk Win98 Driver\Res.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\GUERGOURI\Desktop\RSIT.exe
C:\Program Files\trend micro\GUERGOURI.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S6F1D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
22 March 2009 at 17:42
it would be better to get rid of this crack:

C:\Users\GUERGO~1\AppData\Roaming\Azureus\torrents\Adobe_Photoshop__CS3__Extended___Crack_.3967056.TPB.torrent


_________________

disable Spybot's TeaTimer via MODE, then ADVANCED MODE, then TOOLS, then RESIDENT, because you already have Windows Defender doing real-time scanning

_________________



download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :reg)


:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{953e7f03-c2b7-11dd-b6ea-001bb9739677}]
:commands
[purity]
[emptytemp]
[start explorer]



click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.

____________________________


paste an AntiVir report so we can see
0
NeSs_1 Posts 131 Registration date Saturday 22 September 2007 Status Member Last activity 12 May 2009 9
22 March 2009 at 19:06
- I can't find:

C:\Users\GUERGO~1\AppData\Roaming\Azureus\torrents\Adobe_Photoshop__CS3__Extended___Crack_.3967056.TPB.torrent

- Spybot is done

- and here is the report:

========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{953e7f03-c2b7-11dd-b6ea-001bb9739677}\\ not found.
========== COMMANDS ==========
File delete failed. C:\Users\GUERGO~1\AppData\Local\Temp\etilqs_mgeJBjHTTrXPHblK25cl scheduled to be deleted on reboot.
File delete failed. C:\Users\GUERGO~1\AppData\Local\Temp\fla612.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\GUERGO~1\AppData\Local\Temp\fla769A.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\GUERGO~1\AppData\Local\Temp\flaD819.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\GUERGO~1\AppData\Local\Temp\flaF6E9.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ZLT0236b.TMP scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ZLT03d47.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03222009_190218

Files moved on Reboot...
File C:\Users\GUERGO~1\AppData\Local\Temp\etilqs_mgeJBjHTTrXPHblK25cl not found!
File C:\Users\GUERGO~1\AppData\Local\Temp\fla612.tmp not found!
File C:\Users\GUERGO~1\AppData\Local\Temp\fla769A.tmp not found!
File C:\Users\GUERGO~1\AppData\Local\Temp\flaD819.tmp not found!
File C:\Users\GUERGO~1\AppData\Local\Temp\flaF6E9.tmp not found!
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.
File C:\Windows\temp\ZLT0236b.TMP not found!
File C:\Windows\temp\ZLT03d47.TMP not found!
C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\Cache\_CACHE_001_ moved successfully.
C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\Cache\_CACHE_002_ moved successfully.
C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\Cache\_CACHE_003_ moved successfully.
C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\urlclassifier3.sqlite moved successfully.
C:\Users\GUERGOURI\AppData\Local\Mozilla\Firefox\Profiles\q7bmj1k7.default\XUL.mfl moved successfully.
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
22 March 2009 at 19:22
redo OTMoveIt with this

:files
C:\Users\GUERGO~1\AppData\Roaming\Azureus\torrents\Adobe_Photoshop__CS3__Extended___Crack_.3967056.TPB.torrent
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{953e7f03-c2b7-11dd-b6ea-001bb9739677}]

then paste an Antivir scan

see you
0
NeSs_1 Posts 131 Registered Saturday 22 September 2007 Status Member Last active 12 May 2009 9
22 March 2009 at 20:04
here you go

========== FILES ==========
File/Folder C:\Users\GUERGO~1\AppData\Roaming\Azureus\torrents\Adobe_Photoshop__CS3__Extended___Crack_.3967056.TPB.torrent not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{953e7f03-c2b7-11dd-b6ea-001bb9739677}\\ not found.

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03222009_200135

and now I'm running the scan with Antivir (I just installed the new version 9)
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
22 March 2009 at 20:41
Antivir 9 doesn't exist!

are you sure?

here

the site
https://www.avira.com/en/downloads
0
NeSs_1 Posts 131 Registered Saturday 22 September 2007 Status Member Last active 12 May 2009 9
22 March 2009 at 21:02
I downloaded it here :o http://www.zebulon.fr/actualites/3441-antivirus-gratuit-antivir-version-9.html

the scan is running

otherwise, I'm not infected?
--

NeSs, see ya ;)
0
NeSs_1 Posts 131 Registered Saturday 22 September 2007 Status Member Last active 12 May 2009 9
22 March 2009 at 21:18
here is the Antivir scan =):



Avira AntiVir Personal
Report file date: dimanche 22 mars 2009 20:03

Scanning for 1284893 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PC-DE-GUERGOURI

Version information:
BUILD.DAT : 9.0.0.386 17962 Bytes 11/03/2009 15:55:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 11:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 19:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 03/03/2009 06:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 05/03/2009 13:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 16:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 26/02/2009 19:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 12/02/2009 10:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 17:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 04/03/2009 12:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 19:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 25/02/2009 14:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 19:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 04/03/2009 12:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 17/02/2009 13:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 09:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 06:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 10:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 14:55:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: dimanche 22 mars 2009 20:03

Initiating scan of system files:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\ctfmon.exe'
The system files were scanned ('21' files)

Starting search for hidden objects.
'106666' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'OTMoveIt3.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Supervisor.ex' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'mobsync.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'eDSService.exe' - '1' Module(s) have been scanned
Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'PCMMediaSharing.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'SystrayApp.exe' - '1' Module(s) have been scanned
Scan process 'Res.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'SysMonitor.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'CLMSServer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
75 processes with 75 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '50' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
Begin scan in 'D:\' <DATA>


End of the scan: dimanche 22 mars 2009 21:15
Used time: 1:12:47 Hour(s)

The scan has been done completely.

23276 Scanned directories
525235 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
525233 Files not concerned
3792 Archives were scanned
2 Warnings
2 Notes
106666 Objects were scanned with rootkit scan
0 Hidden objects were found

0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
23 March 2009 at 12:07
still having problems?

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche (Search) and let the scan run ...
# Click Suppression (Removal) to finish.
# You can, if you wish, use the Options facultatives (optional settings).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
0
NeSs_1 Posts 131 Registered Saturday 22 September 2007 Status Member Last active 12 May 2009 9
23 March 2009 at 18:17
ToolsCleaner doesn't respond when I launch it; if I use CCleaner instead, is that OK or not?

But otherwise, was my PC infected or not :x? Because apart from the Antivir alerts I had no symptoms.
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
23 March 2009 at 18:37
if ToolsCleaner doesn't work, then manually remove what was used

and the OTMoveIt folder located under My Computer, then C

and yes, you were infected

to protect your computer for free

http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

ANTIVIR or AVG8 or (AVAST)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
https://www.avira.com/fr/free-antivirus-windows
-------------
anti-spyware tools:
MalwareByte's Anti-Malware + SPYBOT +/- if Spybot's TeaTimer is not enabled:
WINDOWS DEFENDER or SPYWARE TERMINATOR or SPYWARE GUARD
+
SPYWAREBLASTER to immunize the system, against Vundo in particular; it is in English but easy to use: just click "update" to update every month and then "enable all protection" to immunize...

Note: Spybot … release new versions regularly; check that you have the latest version
--------
a firewall:
the (Windows) one or, better, Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/18128.html
https://www.zonealarm.com/software/free-firewall

-----------
CCLEANER to erase browsing traces
---------
browse with Firefox or Safari or Opera rather than Internet Explorer, which is hit more by viruses
http://www.mozilla-europe.org/fr/products/firefox/
0
NeSs_1 Posts 131 Registered Saturday 22 September 2007 Status Member Last active 12 May 2009 9
23 March 2009 at 18:56
here is the report:

[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Users\GUERGOURI\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\GUERGOURI\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Users\GUERGOURI\Documents\LopSD.exe: trouvé !
C:\Users\GUERGOURI\Documents\OTMoveIt3.exe: trouvé !
C:\Users\GUERGOURI\Documents\Rsit.exe: trouvé !
C:\Windows\msnfix.txt: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Trend Micro\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Users\GUERGOURI\Documents\LopSD.exe: supprimé !
C:\lopR.txt: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\hijackthis.log: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Users\GUERGOURI\Documents\OTMoveIt3.exe: supprimé !
C:\Users\GUERGOURI\Documents\Rsit.exe: supprimé !
C:\Windows\msnfix.txt: ERREUR DE SUPPRESSION !!
C:\Lop SD: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Trend Micro\HijackThis: ERREUR DE SUPPRESSION !!
C:\Users\GUERGOURI\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !


Well, I have Antivir, Spybot, ZoneAlarm, Malwarebytes and I use Mozilla Firefox :x Otherwise I'm up to date on everything. I tried to repair the errors with CCleaner several times; one error keeps coming back on this key:

HKEY_CLASSES_ROOT\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

CCleaner can't repair it; is that serious? Otherwise, am I still infected or is the problem solved?
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
23 March 2009 at 18:59
CCleaner can't repair it; is that serious?

no, not serious; otherwise try to repair it with RegCleaner:

https://www.malekal.com/nettoyer-sa-base-de-registre-avec-windows-registry-cleaner/

___________________

remove these files that ToolsCleaner did not remove

C:\Program Files\Trend Micro\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\lopR.txt: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\hijackthis.log: ERREUR DE SUPPRESSION !!
C:\Windows\msnfix.txt: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis: ERREUR DE SUPPRESSION !!
_______________________

Otherwise, am I still infected or is the problem solved?

it's solved!
0
NeSs_1 Posts 131 Registered Saturday 22 September 2007 Status Member Last active 12 May 2009 9
23 March 2009 at 19:19
OK, well, thanks for the help =) until next time, my pleasure =D !!! and sorry for the bother :x

goodbye and have a good evening =).

(topic marked as resolved)
0