Infected PC!!

hassen14 Posts 63 Status Member -
jacques.gache Posts 34829 Status Security contributor -
Hello,
I have an infection that my antivirus cannot remove!
Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:08, on 17/04/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\hsen\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\hsen\Bureau\u94.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\hsen\hsen.exe
C:\Documents and Settings\hsen\hsen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\hsen\Bureau\HiJackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\System32\vwvoeuxb.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [hsen] C:\Documents and Settings\hsen\hsen.exe /i
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\hsen\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{22BB38E2-F2B5-4B5B-9125-78BD1EBB9B73}: NameServer = 213.150.189.10 213.150.191.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{22BB38E2-F2B5-4B5B-9125-78BD1EBB9B73}: NameServer = 213.150.189.10 213.150.191.9
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

18 replies

jacques.gache Posts 34829 Status Security contributor 1 618

And OTMoveIt, did you run it or not? Because you haven't posted the report. See you later.
2
Anonymous user

Hello,

I have an infection that my antivirus cannot remove!

Can you give more information about this infection?

***************************************

● Download ToolBar-S&D (thanks to Eric_71, Angeldark, Sham_Rock and XmichouX): https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

● Start the installation of the program by running the downloaded file.
● Now double-click the Toolbar-S&D shortcut.
● Select the desired language by typing the letter of your choice, then confirm with the Enter key.
● Type "2", then confirm by pressing "Enter".

! Do not close the window during the removal !

● A report will be generated; post its contents here.

(!) NOTE: If your Desktop does not reappear,

Press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

***************************************

● Download DDS:

Here: https://download.bleepingcomputer.com/sUBs/dds.scr
Or here: https://forospyware.com

by sUBs, to the desktop.

(!) The tool does not require installation.

Launch it by clicking the dds.scr icon.

This DOS window will appear: https://i75.servimg.com/u/f75/11/05/93/83/ddsdos10.jpg

● The scan should not take more than three minutes.
● A first report will open, which you will save as DDS.txt (the default) on the desktop.
● You will be asked whether you want to run the optional scan.
Accept with Yes

● A new report opens, which you save as Attach.txt on the desktop.
You will only provide it if necessary.
Post the DDS.txt report for me.

++
0
jacques.gache Posts 34829 Status Security contributor 1 618

Hello, the honor is yours, c_xx
0
hassen14 Posts 63 Status Member
 
DDS (Ver_09-03-16.01) - NTFSx86
Run by hsen at 14:31:18,43 on 17/04/2009
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professionnel 5.1.2600.1.1252.33.1036.18.446.100 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\hsen\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\hsen\Bureau\u94.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\hsen\hsen.exe
C:\Documents and Settings\hsen\hsen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\hsen\Bureau\HiJackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\hsen\Bureau\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://search.msn.fr/spbasic.htm
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=
mWindow Title =
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:9666
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [hsen] c:\documents and settings\hsen\hsen.exe /i
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Windows DLL Loader] c:\windows\system32\vwvoeuxb.exe
mRun: [Windows Logon Application] c:\windows\system32\logon.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\hsen\menudm~1\progra~1\dmarra~1\notifi~1.lnk - c:\documents and settings\hsen\application data\microsoft\notification de cadeaux msn\lsnfier.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\dslmon.lnk - c:\program files\sagem\sagem f@st 800-840\dslmon.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136244205015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {22BB38E2-F2B5-4B5B-9125-78BD1EBB9B73} = 213.150.189.10 213.150.191.9
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hsen\applic~1\mozilla\firefox\profiles\19sw9jz8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - component: c:\documents and settings\hsen\application data\idm\idmmzcc2\components\idmmzcc.dll

============= SERVICES / DRIVERS ===============

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2006-1-2 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [2006-1-2 45416]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2006-1-2 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2006-1-2 185089]
R3 e4usbae;USB ADSL2 LAN Adapter;c:\windows\system32\drivers\e4usbae.sys [2006-1-2 89600]
S2 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\windows\system32\drivers\acpi32.sys [?]
S2 ati64si;ati64si;\??\c:\windows\system32\drivers\ati64si.sys --> c:\windows\system32\drivers\ati64si.sys [?]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2006-1-2 69656]
S2 ksi32sk;ksi32sk;\??\c:\windows\system32\drivers\ksi32sk.sys --> c:\windows\system32\drivers\ksi32sk.sys [?]

=============== Created Last 30 ================

2009-04-17 14:27 <DIR> --d----- C:\ToolBar SD
2009-04-17 13:33 20,962 ----h--- c:\documents and settings\hsen\hsen.exe
2009-04-17 10:25 <DIR> --d----- c:\program files\Bonjour
2009-04-17 10:00 1,208 a------- c:\windows\Radio_Fr.ini
2009-04-17 09:02 <DIR> --d----- c:\program files\QuickMediaConverter
2009-04-15 18:14 <DIR> --d----- c:\program files\Orban
2009-04-15 18:10 <DIR> --d----- c:\program files\Radio Fr Solo
2009-04-15 13:30 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-15 12:20 608,448 a------- c:\windows\system32\comctl32.ocx
2009-04-15 12:20 <DIR> --d----- c:\program files\Total Video Converter
2009-04-14 20:22 <DIR> --d----- c:\program files\SpeedBit Video Accelerator
2009-04-14 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SpeedBit
2009-04-14 20:13 <DIR> --d----- c:\program files\DAP
2009-04-14 20:04 548,352 a------- c:\windows\system32\amp3dj.ocx
2009-04-14 20:04 <DIR> --d----- c:\program files\Usenet Radio
2009-04-14 20:02 <DIR> --d----- c:\docume~1\hsen\applic~1\GetRightToGo
2009-04-13 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-04-13 20:13 <DIR> --d----- c:\docume~1\hsen\applic~1\Azureus
2009-04-13 20:13 <DIR> --d----- c:\program files\Vuze
2009-04-12 21:40 <DIR> --d----- c:\program files\Ares
2009-04-12 19:00 316,640 a------- c:\windows\WMSysPr9.prx
2009-04-12 19:00 <DIR> --d----- c:\windows\RegisteredPackages
2009-04-12 13:22 <DIR> --d----- c:\program files\Internet Download Manager
2009-04-12 11:52 360,960 a------- c:\windows\system32\qmgr.dll
2009-04-12 11:50 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-04-12 11:50 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-04-12 11:50 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-04-12 11:50 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-04-12 11:50 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-04-12 11:50 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-04-12 11:50 8,704 a------- c:\windows\system32\kbdjpn.dll
2009-04-12 11:50 8,192 a------- c:\windows\system32\kbdkor.dll
2009-04-12 11:50 6,144 a------- c:\windows\system32\kbd106.dll
2009-04-12 11:50 6,144 a------- c:\windows\system32\kbd101c.dll
2009-04-12 11:50 6,144 a------- c:\windows\system32\kbd101b.dll
2009-04-12 11:50 5,632 a------- c:\windows\system32\kbd103.dll
2009-04-12 09:08 <DIR> --d----- c:\docume~1\hsen\applic~1\IDM
2009-04-12 09:08 <DIR> --d----- c:\program files\eMule
2009-04-11 20:30 0 a------- c:\windows\system32\atiicdxx.dat
2009-04-11 18:54 <DIR> --d----- c:\docume~1\hsen\applic~1\Malwarebytes
2009-04-11 18:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-11 18:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 18:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-11 18:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-11 18:21 <DIR> --d----- c:\program files\CCleaner
2009-04-11 17:08 272,896 a------- c:\windows\system32\kerberos.dll
2009-04-11 17:06 115,976 a------- c:\windows\system32\drivers\rdpwd.sys
2009-04-11 17:06 1,354,240 a------- c:\windows\system32\query.dll
2009-04-11 17:06 1,797,376 a------- c:\windows\system32\win32k.sys
2009-04-11 17:06 233,984 a------- c:\windows\system32\tapisrv.dll
2009-04-11 17:05 99,840 a------- c:\windows\system32\win32spl.dll
2009-04-11 17:05 51,200 a------- c:\windows\system32\spoolsv.exe
2009-04-11 17:03 200,064 a------- c:\windows\system32\drivers\rmcast.sys
2009-04-11 17:03 196,288 ac------ c:\windows\system32\dllcache\tcpip6.sys
2009-04-11 17:03 154,112 a------- c:\windows\system32\netman.dll
2009-04-11 17:03 332,928 a------- c:\windows\system32\drivers\tcpip.sys
2009-04-11 17:01 1,148,928 a------- c:\windows\system32\quartz.dll
2009-04-11 17:01 108,544 a------- c:\windows\system32\umpnpmgr.dll
2009-04-11 17:01 359,936 a------- c:\windows\system32\msdtcprx.dll
2009-04-11 17:01 151,040 a------- c:\windows\system32\msdtcuiu.dll
2009-04-11 17:01 61,440 a------- c:\windows\system32\mtxclu.dll
2009-04-11 17:00 163,328 ac------ c:\windows\system32\dllcache\rdbss.sys
2009-04-11 17:00 90,624 ac------ c:\windows\system32\dllcache\cscdll.dll
2009-04-11 17:00 407,552 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-04-11 17:00 163,328 a------- c:\windows\system32\drivers\rdbss.sys
2009-04-11 17:00 90,624 a------- c:\windows\system32\cscdll.dll
2009-04-11 17:00 1,932,288 a------- c:\windows\system32\ntkrnlpa.exe
2009-04-11 17:00 1,903,616 a------- c:\windows\system32\ntoskrnl.exe
2009-04-11 17:00 562,176 a------- c:\windows\system32\user32.dll
2009-04-11 16:50 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-11 16:12 56,832 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-04-11 16:12 56,832 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-04-11 16:11 28,160 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-04-11 16:11 28,160 a------- c:\windows\system32\drivers\usbccgp.sys
2009-04-11 11:28 244 a---h--- C:\sqmnoopt01.sqm
2009-04-11 11:28 232 a---h--- C:\sqmdata01.sqm
2009-04-11 11:20 <DIR> --d----- c:\documents and settings\hsen\Contacts
2009-04-11 11:20 268 a---h--- C:\sqmdata00.sqm
2009-04-11 11:20 244 a---h--- C:\sqmnoopt00.sqm
2009-04-11 11:19 <DIR> --d----- c:\program files\MSN Messenger
2009-04-11 11:07 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-11 10:46 1,006,592 a------- c:\windows\system32\esent.dll
2009-04-11 10:13 131,712 ac------ c:\windows\system32\dllcache\ks.sys
2009-04-11 10:13 57,856 ac------ c:\windows\system32\dllcache\drmk.sys
2009-04-11 10:13 44,416 ac------ c:\windows\system32\dllcache\stream.sys
2009-04-11 10:13 131,712 a------- c:\windows\system32\drivers\ks.sys
2009-04-11 10:13 57,856 a------- c:\windows\system32\drivers\drmk.sys
2009-04-11 10:13 44,416 a------- c:\windows\system32\drivers\stream.sys
2009-04-11 10:13 117,248 ac------ c:\windows\system32\dllcache\ksproxy.ax
2009-04-11 10:13 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2009-04-11 10:13 117,248 a------- c:\windows\system32\ksproxy.ax
2009-04-11 10:13 4,096 a------- c:\windows\system32\ksuser.dll
2009-04-11 10:13 5,063,168 a------- c:\windows\system32\drivers\RtkHDAud.sys
2009-04-11 10:13 1,206,816 a------- c:\windows\RtlUpd.exe
2009-04-11 10:08 <DIR> --d----- c:\documents and settings\hsen\Shared
2009-04-11 10:07 <DIR> --d----- c:\documents and settings\hsen\Incomplete
2009-04-11 10:07 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-11 09:56 <DIR> --d----- c:\docume~1\hsen\applic~1\mp3rocket
2009-04-11 09:38 22,016 a------- c:\windows\system32\wdmaud.drv
2009-04-11 09:38 <DIR> --d----- c:\program files\Realtek
2009-04-11 09:38 540,672 a------- c:\windows\RtlExUpd.dll
2009-04-11 09:13 <DIR> --d----- c:\windows\system32\bits
2009-03-30 10:51 210,352 a------- c:\windows\system32\idmmbc.dll

==================== Find3M ====================

2009-04-14 17:40 2,678 a------- c:\windows\java\packages\data\MIU0KGU4.DAT
2009-04-14 17:40 2,678 a------- c:\windows\java\packages\data\XFRRXBTB.DAT
2009-04-14 17:40 2,678 a------- c:\windows\java\packages\data\KMEDR131.DAT
2009-04-14 17:40 2,678 a------- c:\windows\java\packages\data\B1ZN77XB.DAT
2009-04-14 17:40 2,678 a------- c:\windows\java\packages\data\84FFFLF5.DAT
2009-04-11 09:35 368,076 a------- c:\windows\system32\perfh00C.dat
2009-04-11 09:35 48,856 a------- c:\windows\system32\perfc00C.dat
2009-02-24 09:36 1,109 a------- c:\windows\system32\drivers\PConfig.DCF

============= FINISH: 14:31:36,37 ===============
0

Anonymous user

Hello again,

Hassen, what about the ToolbarSD report?

Jacques.gache, do you want to take over?

++
0
hassen14 Posts 63 Status Member
 
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
BIOS : Phoenix - Award BIOS v6.00PG
USER : hsen ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:78 Go (Free:69 Go)
D:\ (Local Disk) - NTFS - Total:70 Go (Free:70 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 17/04/2009|14:48 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q="
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
Here is the ToolBar search report;

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\hsen\Mes documents\Downloads\Compressed\Top 40 singles USA April 3rd (2009)\13 Eminem Feat. 50 Cent & Dr. Dre - Crack A Bottle.mp3
C:\DOCUME~1\hsen\Mes documents\Downloads\Programs\Internet.Download.Manager.v5.12.8.WinAll.Incl.Keygen.and.Patch-CRD.rar

1 - "C:\ToolBar SD\TB_1.txt" - 17/04/2009|14:29 - Option : [2]
2 - "C:\ToolBar SD\TB_2.txt" - 17/04/2009|14:48 - Option : [1]

-----------\\ Fin du rapport a 14:48:59,21
0
jacques.gache Posts 34829 Status Security contributor 1 618

Hello C_XX, no, you were first as usual!! lol!! I'll leave the rest to you. See you later.
0
hassen14 Posts 63 Status Member
 
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
BIOS : Phoenix - Award BIOS v6.00PG
USER : hsen ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:78 Go (Free:69 Go)
D:\ (Local Disk) - NTFS - Total:70 Go (Free:70 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/04/2009|14:54 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://toolbar.ask.com/toolbarv/askRedirect?o=13116&gct=&gc=1&q="
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\hsen\Mes documents\Downloads\Compressed\Top 40 singles USA April 3rd (2009)\13 Eminem Feat. 50 Cent & Dr. Dre - Crack A Bottle.mp3
C:\DOCUME~1\hsen\Mes documents\Downloads\Programs\Internet.Download.Manager.v5.12.8.WinAll.Incl.Keygen.and.Patch-CRD.rar

1 - "C:\ToolBar SD\TB_1.txt" - 17/04/2009|14:29 - Option : [2]
2 - "C:\ToolBar SD\TB_2.txt" - 17/04/2009|14:48 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 17/04/2009|14:54 - Option : [2]

-----------\\ Fin du rapport a 14:54:31,20
0
hassen14 Posts 63 Status Member

There is nothing new, there is nothing different.
Please help me.
0
Anonymous user

OK, I'll take over then.

It's normal that nothing happened, Hassen: for a start, I asked for the ToolBarSD cleaning option, and you ran the scan option instead!!

Run the cleaning option.
Thanks.

Then,

● Download OtmoveIt3 by Old Timer to your desktop.

● Double-click " OtmoveIt3.exe " to launch it.

● Copy/paste the following text (in grey) into the left-hand box " Paste Instructions for items to be moved "

:processes
explorer.exe
vwvoeuxb.exe
logon.exe

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Windows DLL Loader"=-
"Windows Logon Application"=-

:files
c:\windows\java\packages\data\MIU0KGU4.DAT
c:\windows\java\packages\data\XFRRXBTB.DAT
c:\windows\java\packages\data\KMEDR131.DAT
c:\windows\java\packages\data\B1ZN77XB.DAT
c:\windows\java\packages\data\84FFFLF5.DAT 
C:\DOCUME~1\hsen\Mes documents\Downloads\Programs\Internet.Download.Manager.v5.12.8.WinAll.Incl.Keygen.and.Patch-CRD.rar 
c:\windows\system32\vwvoeuxb.exe
c:\windows\system32\logon.exe 

:Commands
[zipfiles]
[emptytemp]
[start explorer]


● Click " MoveIt! "
● Copy everything shown in the right-hand box " Results "
● Paste it all on the forum.

( The report is also located here: C:\_OTMoveIt\MovedFiles )

**************************************************

● Launch MalwareByte's Anti-Malware,
Update it (using the 'Update' tab)
● Double-click the MalwareByte's Anti-Malware shortcut on the desktop.
● Select Perform QUICK scan if it is not already selected
● Click Scan
● Once the scan is finished, a window opens; click Ok
● If MalwareByte's detected nothing, click Ok. A report will appear; close it.
● If MalwareByte's detected infections, click Show Results, then Remove Selected
● Save the report to your Desktop so that it will be easier to find, then post this report.

Note: If MalwareByte's needs to restart to finish the removal, accept by clicking Ok

Tutorial : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

++
0
hassen
 
OK, then what do I do?
0
hassen
 
The virus "tr/crypte/xdr.gen" is still there
0
jacques.gache Posts 34829 Status Security contributor 1 618

Do what C_XX asks you in message 9 with OTMoveIt and Malwarebytes
0
hassen
 
Malwarebytes' Anti-Malware 1.36
Database version: 2002
Windows 5.1.2600 Service Pack 1

17/04/2009 16:06:39
mbam-log-2009-04-17 (16-06-39).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 95079
Time elapsed: 15 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 30

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\netsik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN1F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN24.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN25.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN26.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN27.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN28.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN29.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN34.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN35.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN38.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN39.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN41.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN48.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN4C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN4D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN4E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\hsen\Local Settings\Temp\BN4F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN20.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
0
hassen
 
========== PROCESSES ==========
Process explorer.exe killed successfully.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04172009_161746
0
jacques.gache Posts 34829 Status Security contributor 1 618
 
Your OTMoveIt report is more than strange. Did you really copy and paste what was given in the procedure?
:processes
explorer.exe
vwvoeuxb.exe
logon.exe

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Windows DLL Loader"=-
"Windows Logon Application"=-

:files
c:\windows\java\packages\data\MIU0KGU4.DAT
c:\windows\java\packages\data\XFRRXBTB.DAT
c:\windows\java\packages\data\KMEDR131.DAT
c:\windows\java\packages\data\B1ZN77XB.DAT
c:\windows\java\packages\data\84FFFLF5.DAT
C:\DOCUME~1\hsen\Mes documents\Downloads\Programs\Internet.Download.Manager.v5.12.8.WinAll.Incl.Keygen.and.Patch-CRD.rar
c:\windows\system32\vwvoeuxb.exe
c:\windows\system32\logon.exe

:Commands
[zipfiles]
[emptytemp]
[start explorer]
0
hassen
 
Yes. Why is it more than strange?
0
jacques.gache Posts 34829 Status Security contributor 1 618
 
Because your report does not look like a report from a run where what was given had been pasted in. So, to be sure, run OTMoveIt again, copy and paste what is in bold, and post the new report. Thanks.

Double-click OTMoveIt3.exe to launch it.

Check that the box in front of "Unregister Dll's and Ocx's" is ticked.

Copy the list shown in bold below,

and paste it into the left-hand pane of OTMoveIt: "Paste instructions for item to be moved".

:processes
explorer.exe
vwvoeuxb.exe
logon.exe

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Windows DLL Loader"=-
"Windows Logon Application"=-

:files
c:\windows\java\packages\data\MIU0KGU4.DAT
c:\windows\java\packages\data\XFRRXBTB.DAT
c:\windows\java\packages\data\KMEDR131.DAT
c:\windows\java\packages\data\B1ZN77XB.DAT
c:\windows\java\packages\data\84FFFLF5.DAT
C:\DOCUME~1\hsen\Mes documents\Downloads\Programs\Internet.Download.Manager.v5.12.8.WinAll.Incl.Keygen.and.Patch-CRD.rar
c:\windows\system32\vwvoeuxb.exe
c:\windows\system32\logon.exe

:Commands
[zipfiles]
[emptytemp]
[start explorer]



Click "MoveIt!" to start the removal.

The result will appear in the "Results" pane.

Click "Exit" to close.

Post the report located in C:\_OTMoveIt\MovedFiles under the name xxxxxx_xxxxxxxxxx.log .

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
hassen
 
Here is the report
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret < File/Folder gmer.log not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder gmer_uninstall.cmd not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder gmer.sys not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <Service not present: gmer.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder haxfix.exe not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder haxfix.txt not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder killbox.exe not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder !Killbox not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder NoLop.exe not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder NoLop.txt not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder NoLopOLD.txt not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder delete.bat not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder OTListIt2.exe not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder OTListIt.txt not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder Extras.txt not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder _OTListIt not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder OTMoveIt.exe not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder OTMoveIt2.exe not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File delete failed. C:\Documents and Settings\hsen\Bureau\OTMoveIt3.exe scheduled to be deleted on reboot.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <C:\_OTMoveIt\MovedFiles\04172009_161746 folder deleted successfully.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <C:\_OTMoveIt\MovedFiles\04172009_153009 folder deleted successfully.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <C:\_OTMoveIt\MovedFiles folder deleted successfully.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <C:\_OTMoveIt folder deleted successfully.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File delete failed. C:\Documents and Settings\hsen\Bureau\OTMoveIt3.exe scheduled to be deleted on reboot.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret < > in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_130310> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Service not present: catchme.> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Service not present: gmer.> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <File delete failed. C:\Documents and Settings\hsen\Bureau\OTMoveIt3.exe scheduled to be deleted on reboot.> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <C:\_OTMoveIt\MovedFiles\04182009_130310 folder deleted successfully.> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <C:\_OTMoveIt\MovedFiles folder deleted successfully.> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <C:\_OTMoveIt folder deleted successfully.> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <File delete failed. C:\Documents and Settings\hsen\Bureau\OTMoveIt3.exe scheduled to be deleted on reboot.> in the current context!> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_130332> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_130342
0
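Added example, not part of the thread and not OTMoveIt's own code: a triage helper that peels the nested `Error: Unable to interpret <...> in the current context!` wrappers seen in the report above and checks whether the text fed to the tool was an old report rather than the fix script. It assumes, from the shape of the log alone, that the tool wraps every input line it cannot parse; the function names and the marker list are hypothetical.

```python
import re
from collections import Counter

WRAP_HEAD = "Error: Unable to interpret <"
WRAP_TAIL = "> in the current context!"

# Sample embedded inline: lines in the shape of the report above.
SAMPLE_LOG = """\
Error: Unable to interpret <Error: Unable to interpret <Error: Unable to interpret <File/Folder gmer.sys not found.> in the current context!> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <Service not present: gmer.> in the current context!> in the current context!
Error: Unable to interpret <OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_130332> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_130342
"""

# Wording assumed to occur only in tool output, never in a fix script.
OUTPUT_MARKERS = re.compile(
    r"not found\.|not present:|deleted successfully\.|delete failed\.|log created on"
)

def unwrap(line):
    """Peel the error wrapper off a line; return (depth, innermost text)."""
    depth, text = 0, line.strip()
    while text.startswith(WRAP_HEAD) and text.endswith(WRAP_TAIL):
        text = text[len(WRAP_HEAD):-len(WRAP_TAIL)].strip()
        depth += 1
    return depth, text

def triage(log):
    """Summarise wrapper depths and whether the rejected input was an old report."""
    depths, pasted_output, directives = Counter(), 0, 0
    for raw in log.splitlines():
        depth, inner = unwrap(raw)
        if depth == 0:
            continue  # blank line or genuine output of the current run
        depths[depth] += 1
        if OUTPUT_MARKERS.search(inner):
            pasted_output += 1  # a line from an earlier report
        elif inner.startswith((":", "[", '"')) or re.match(r"[A-Za-z]:\\", inner):
            directives += 1     # a script section, registry line or file path
    return {
        "max_depth": max(depths, default=0),
        "by_depth": dict(depths),
        "pasted_output_lines": pasted_output,
        "directive_lines": directives,
        "input_was_old_report": pasted_output > 0 and directives == 0,
    }
```

Under that assumption, a depth of N means the line had already been rejected N times, so depth 3 points to the same report being pasted back into the tool on successive runs.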
jacques.gache Posts 34829 Status Security contributor 1 618
 
Your report looks like nothing logical. Are you really copying and pasting what is in bold in message 18, as asked, into the left-hand pane of OTMoveIt???

OK, now run Malwarebytes.

Download Malwarebytes' Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

. On that page, click Download Malwarebytes' Anti-Malware
. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. If the firewall asks for permission for Malwarebytes to connect, accept
. It will update itself; once that is done
. go to the Scanner tab
. Select Perform full scan
. Click Scan
. The scan starts.
. At the end of the scan, a message is displayed:
The scan completed successfully. Click 'Show Results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select everything (or leave the boxes ticked)

. Click Remove Selected

. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Restart the PC
. Once it has restarted, double-click Malwarebytes
. Go to the Logs tab
. Click on the log to display it. Once it is displayed,
. click Edit at the top of Notepad, then Select All
. Click Edit again, then Copy, and come back to the forum and into your reply
. Right-click in the reply box and choose Paste

0