Surabaya

abdel -  
abdel__ Messages postés 58 Statut Membre -
Bonjour, voici les resultats obtenu apres scanner mon ordi par hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:52:18, on 19/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealJukebox\tsystray.exe
C:\Program Files\Real\RealOne Player\realplay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Menara\dslmon.exe
C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe Online.com
C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe update.com
C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\lpqm.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\snjfd.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\vwhu.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\winviwvs.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\DOCUME~1\hp\LOCALS~1\Temp\xffb.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\pceo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.menara.ma/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.menara.ma/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {34EDFCA9-D4FF-9CAE-DF22-CA6B60E2ED17} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {D5B72AED-E54A-11D6-B1B2-444553540000}B1B2-444553540000} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [yrqppzmoglbmnutwb] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\isctovdbxk.dll"
O4 - HKLM\..\Run: [ZNsoft Optimizer Xp] C:\Program Files\ZNsoft Corporation\ZNsoft Optimizer Xp\ZNsoft Xp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [RealJukeboxSystray] "c:\Program Files\Real\RealJukebox\tsystray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealOne Player\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [LiteCity] C:\DOCUME~1\hp\APPLIC~1\BROWSE~1\SkipBias.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Online.com
O4 - Startup: Adobe update.com
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8f4ca0d0e1e64f9880ca97f50b1810a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8f4ca0d0e1e64f9880ca97f50b1810a0
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u10-windows-i586-jc.cab&AuthParam=1580987764_a5235be86e79daca0cfb05ddc36bfbcd&ext=.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71BA674A-663F-49DA-92FE-8E035C1A530A}: NameServer = 62.251.229.223 62.251.229.237
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Bosco - Module Esclave (slave) - Unknown owner - C:\Program Files\Bosco\slave.exe (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.animationsgis.com/Images/anges/estelleange25.gif
O24 - Desktop Component 1: (no name) - http://www.animationsgis.com/Images/anges/olly_angecoeur.gif
O24 - Desktop Component 2: (no name) - http://www.animationsgis.com/Images/anges/kelly_ange5.gif
O24 - Desktop Component 3: (no name) - http://www.animationsgis.com/Images/anges/hermasyvonne_ange9.gif
O24 - Desktop Component 4: (no name) - http://www.moziga.biz/images/play.gif

67 réponses

Précédent
Réponse 41 / 67
abdel__ Messages postés 58 Statut Membre
 
a remarquer aussi que je ne peux rien telecharger , l'installation n'aboutie pas
0
Réponse 42 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

en particulier installe la Console de récupération.

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
0
abdel__ Messages postés 58 Statut Membre
 
reasalut ,
impossible de telecharger quoi que ce soit !!!meme combofix
jé desinstallé combofix comme vous m'avez demandé , et il est impossible de l'installer !!!
je clique sur telecharger + executer + installer , apres tout disparu
ceci est pour le programme combofix comme pour autres choses
0
Réponse 43 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

refais tourner RSIT et poste le rapport.

As tu un autre ordi sous la main ? avec un graveur ?
0
abdel__ Messages postés 58 Statut Membre
 
non jé pas un autre ordi

Logfile of random's system information tool 1.06 (written by random/random)
Run by hp at 2009-05-26 17:58:13
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 13 GB (66%) free of 20 GB
Total RAM: 247 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:24, on 26/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealJukebox\tsystray.exe
C:\Program Files\Real\RealOne Player\realplay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe Online.com
C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe update.com
C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\WINDOWS\system32\WINMINE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\winegtbcl.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\nfscna.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\xjsqaf.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\hp\Bureau\RSIT.exe
C:\Program Files\trend micro\hp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bladinet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealJukeboxSystray] "c:\Program Files\Real\RealJukebox\tsystray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealOne Player\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Online.com
O4 - Startup: Adobe update.com
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8f4ca0d0e1e64f9880ca97f50b1810a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8f4ca0d0e1e64f9880ca97f50b1810a0
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - https://sdlc-esd.oracle.com/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u10-windows-i586-jc.cab&AuthParam=1580987764_a5235be86e79daca0cfb05ddc36bfbcd&ext=.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71BA674A-663F-49DA-92FE-8E035C1A530A}: NameServer = 62.251.229.223 62.251.229.237
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
0
Réponse 44 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

est ce que ceci marcherait ?

Télécharge OTL de OLDTimer ici :

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

et enregistre le sur ton Bureau.

Double clic sur OTL.exe pour le lancer.

Coche les 2 cases Lop et Purity

Coche la case devant "scan all users"

Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)


Pour me le transmettre clique sur ce lien :

http://www.cijoint.fr/

Clique sur Parcourir et cherche le fichier ci-dessus.

Clique sur Ouvrir.

Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

est ajouté dans la page.

Copie ce lien dans ta réponse.
0
abdel__ Messages postés 58 Statut Membre
 
OTL Extras logfile created on: 26/05/2009 21:09:52 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\XH9O10LH
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

247,48 Mb Total Physical Memory | 47,17 Mb Available Physical Memory | 19,06% Memory free
606,54 Mb Paging File | 126,00 Mb Available in Paging File | 20,77% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 12,81 Gb Free Space | 65,59% Space Free | Partition Type: NTFS
Drive D: | 18,75 Gb Total Space | 18,38 Gb Free Space | 98,04% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP-7E00783F7641
Current User Name: hp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

[color=orange]========== File Associations ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.scr [@ = scrfile] -- %1

[color=orange]========== Security Center Settings ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

[color=orange]========== Authorized Applications List ==========/color

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,987,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/07/08 16:04:38 | 00,036,864 | ---- | M] (ActiveState Corporation) -- C:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application
File not found -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:51:28 | 03,987,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec
[2007/03/16 19:25:16 | 25,268,264 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2005/10/06 18:27:00 | 12,115,968 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:ipsec
[2008/04/14 02:34:06 | 00,769,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix
[2009/05/17 18:35:21 | 00,181,760 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:ipsec
[2008/04/14 02:34:15 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec
[2005/01/14 23:38:02 | 02,117,632 | ---- | M] (ToniArts) -- C:\Program Files\ToniArts\EasyCleaner\EasyClea.exe:*:Enabled:ipsec
[2009/02/06 18:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe:*:Enabled:ipsec
[2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe:*:Enabled:ipsec
[2002/08/21 05:13:12 | 00,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE:*:Enabled:ipsec
[2009/04/23 21:00:55 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe:*:Enabled:ipsec
File not found -- C:\ComboFix\NirCmd.cfexe:*:Enabled:ipsec
File not found -- C:\ComboFix\hidec.exe:*:Enabled:ipsec
[2006/06/13 11:34:54 | 00,909,312 | ---- | M] () -- C:\Program Files\Menara\dslmon.exe:*:Enabled:ipsec
File not found -- C:\WINDOWS\system32\CF2242.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\qyjlln.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\wineaau.exe:*:Enabled:ipsec
[2008/04/14 02:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winwflcck.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winbimy.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\qklwp.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winhhefy.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\udtns.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\cwfe.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winpaob.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winuacq.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\xhsxi.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winilfk.exe:*:Enabled:ipsec
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winesnow.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winusho.exe:*:Enabled:ipsec
[2009/04/11 02:01:10 | 00,213,504 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe:*:Enabled:ipsec
[2003/07/25 11:15:48 | 00,679,936 | ---- | M] (-) -- C:\Program Files\Eraser\eraser.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winrlxd.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\jeiynh.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winesucgg.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\gchcu.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winepdnd.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winmvpq.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winrqkhjn.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winnpbwh.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\xebsw.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winejqdff.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winbbbx.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winktucb.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\ojkc.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\oyknyy.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\snssj.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winuqhjym.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winskpoop.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\wingvoie.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winegtbcl.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\nfscna.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winskdmg.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\rcgbkq.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winovrdk.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winrugi.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\gjnuj.exe:*:Enabled:ipsec
[2009/05/26 13:20:00 | 01,365,264 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec

[color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========/color

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD}" = QuickTime
"{13616DE2-9795-4910-8C93-80D45AF09658}" = iTunes
"{175B7C4A-CAF8-437A-B597-73E0D2D970FE}" = Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2231CE39-B963-4B9D-823A-F412ECA637B1}" = Windows Live Writer
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3585ED1C-74C5-43B0-A232-831B96A12A2B}" = Menus intelligents (Windows Live Toolbar)
"{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{4002F73D-EBB3-4EA1-A2FF-DBCB4529759E}" = Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
"{44E54A81-9D91-4AA1-9417-80AFF134F5FF}" = Galerie de photos Windows Live
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800/840
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51F366F4-C2E4-429A-866A-59C885ED42FD}" = Bloqueur de fenêtres pop-up (Windows Live Toolbar)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{63DC2DA0-2A6C-4C38-9249-B75395458657}" = Windows Live Mail
"{66450A49-F7A1-4BE8-A626-609B8005ADB6}_is1" = ZNsoft Optimizer Xp
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}" = Windows Live Sync
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AB25E068-C7A2-482F-A3BC-588A5869844D}" = Kit de Connexion MENARA
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D6A2DDE3-9D7C-412C-932A-756580D29919}" = Windows Live Contrôle parental
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites pour Windows Live Toolbar
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E74559C2-BB47-45AD-83DD-0D66B67E7811}" = Navigation par onglets (Windows Live Toolbar)
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F242B06B-517F-4D62-B654-16B11564A912}" = OneCare Advisor (Windows Live Toolbar)
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"aMSN" = aMSN 0.97.2
"CCleaner" = CCleaner (remove only)
"Chess Mafia_is1" = Chess Mafia
"d26c853d-c43b-898f-67ca-87b05c393cd1" = Contextual Tool Adservefast
"Eraser_is1" = Eraser
"gjretmnnpkmpwvufd" = RON Too1 Adservefast
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD}" = QuickTime
"InstallShield_{13616DE2-9795-4910-8C93-80D45AF09658}" = iTunes
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Navilog1_is1" = Navilog1 3.7.7
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealJukebox 1.0" = RealJukebox
"RealPlayer 6.0" = RealPlayer Basic
"RichFX Player" = RichFX Player
"Skype_is1" = Skype 3.1
"USB Disk Security_is1" = USB Disk Security 5.0.0.35
"VisualRoute Lite Edition" = VisualRoute Lite Edition
"Who's Closing My Convo" = Who's Closing My Convo 1.0
"Winamp3" = Winamp3 (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=orange]========== HKEY_CURRENT_USER Uninstall List ==========/color

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Notification de cadeaux MSN" = Notification de cadeaux MSN

[color=orange]========== HKEY_USERS Uninstall List ==========/color

[HKEY_USERS\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Notification de cadeaux MSN" = Notification de cadeaux MSN

[color=orange]========== Last 10 Event Log Errors ==========/color

[ Application Events ]
Error - 23/05/2009 19:11:02 | Computer Name = HP-7E00783F7641 | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\HP\RECENT\DESKTOP.INI>
dans la configuration de hachage. Contexte : Application , Catalogue SystemIndex

Détails
: Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)


Error - 23/05/2009 19:16:00 | Computer Name = HP-7E00783F7641 | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\HP\RECENT\DESKTOP.INI>
dans la configuration de hachage. Contexte : Application , Catalogue SystemIndex

Détails
: Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)


Error - 24/05/2009 11:48:05 | Computer Name = HP-7E00783F7641 | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\HP\RECENT\DESKTOP.INI>
dans la configuration de hachage. Contexte : Application , Catalogue SystemIndex

Détails
: Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)


Error - 25/05/2009 17:17:13 | Computer Name = HP-7E00783F7641 | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\HP\TRACING\WINDOWSLIVEMESSENGER-UCCAPI-0.UCCAPILOG>
dans la configuration de hachage. Contexte : Application , Catalogue SystemIndex

Détails
: Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)


Error - 25/05/2009 17:18:20 | Computer Name = HP-7E00783F7641 | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\HP\TRACING\WINDOWSLIVEMESSENGER-UCCAPI-0.UCCAPILOG>
dans la configuration de hachage. Contexte : Application , Catalogue SystemIndex

Détails
: Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)


Error - 25/05/2009 17:18:20 | Computer Name = HP-7E00783F7641 | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\HP\TRACING\WINDOWSLIVEMESSENGER-UCCAPI-0.UCCAPILOG>
dans la configuration de hachage. Contexte : Application , Catalogue SystemIndex

Détails
: Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)


Error - 25/05/2009 17:20:51 | Computer Name = HP-7E00783F7641 | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\HP\TRACING\WINDOWSLIVEMESSENGER-UCCAPI-0.UCCAPILOG>
dans la configuration de hachage. Contexte : Application , Catalogue SystemIndex

Détails
: Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)


Error - 25/05/2009 19:06:27 | Computer Name = HP-7E00783F7641 | Source = Windows Live Messenger | ID = 1000
Description =

Error - 26/05/2009 13:00:05 | Computer Name = HP-7E00783F7641 | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\HP\RECENT\????
????.LNK> dans la configuration de hachage. Contexte : Application , Catalogue SystemIndex

Détails
: Un périphérique attaché au système ne fonctionne pas correctement. (0x8007001f)


Error - 26/05/2009 13:00:19 | Computer Name = HP-7E00783F7641 | Source = Windows Search Service | ID = 3013
Description = Impossible de mettre à jour l'entrée <C:\DOCUMENTS AND SETTINGS\HP\RECENT\?????
? ????? ? ?????.LNK> dans la configuration de hachage. Contexte : Application ,
Catalogue SystemIndex Détails : Un périphérique attaché au système ne fonctionne pas
correctement. (0x8007001f)

[ System Events ]
Error - 26/05/2009 12:58:14 | Computer Name = HP-7E00783F7641 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (e4ldr.sys) n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 26/05/2009 12:58:14 | Computer Name = HP-7E00783F7641 | Source = Service Control Manager | ID = 7000
Description = Le service AG Windows Service n'a pas pu démarrer en raison de l'erreur :
%%3

Error - 26/05/2009 12:58:14 | Computer Name = HP-7E00783F7641 | Source = Service Control Manager | ID = 7000
Description = Le service VNC Server n'a pas pu démarrer en raison de l'erreur :
%%3

Error - 26/05/2009 12:58:20 | Computer Name = HP-7E00783F7641 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : i8042prt

Error - 26/05/2009 13:04:06 | Computer Name = HP-7E00783F7641 | Source = SRService | ID = 104
Description = Le processus d'initialisation de la restauration du système a échoué.

Error - 26/05/2009 13:04:06 | Computer Name = HP-7E00783F7641 | Source = Service Control Manager | ID = 7023
Description = Le service Service de restauration système s'est arrêté avec l'erreur :
%%32

Error - 26/05/2009 16:32:15 | Computer Name = HP-7E00783F7641 | Source = Service Control Manager | ID = 7000
Description = Le service General Purpose USB Driver (e4ldr.sys) n'a pas pu démarrer
en raison de l'erreur : %%1058

Error - 26/05/2009 16:32:15 | Computer Name = HP-7E00783F7641 | Source = Service Control Manager | ID = 7000
Description = Le service AG Windows Service n'a pas pu démarrer en raison de l'erreur :
%%3

Error - 26/05/2009 16:32:15 | Computer Name = HP-7E00783F7641 | Source = Service Control Manager | ID = 7000
Description = Le service VNC Server n'a pas pu démarrer en raison de l'erreur :
%%3

Error - 26/05/2009 16:32:20 | Computer Name = HP-7E00783F7641 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : i8042prt PCIIde


< End of report >
0
abdel__ Messages postés 58 Statut Membre
 
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2182
Windows 5.1.2600 Service Pack 3

26/05/2009 20:25:55
mbam-log-2009-05-26 (20-25-55).txt

Type de recherche: Examen rapide
Eléments examinés: 79284
Temps écoulé: 7 minute(s), 1 second(s)

Processus mémoire infecté(s): 6
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
C:\Documents and Settings\hp\Local Settings\temp\nfscna.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\hp\Local Settings\temp\xjsqaf.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\hp\Local Settings\temp\bjntws.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\hp\Local Settings\temp\winpidlqo.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\hp\Local Settings\temp\vdmwbh.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\hp\Local Settings\temp\pakkj.exe (Trojan.Downloader) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{a71c9f09-fd16-4efd-a939-a7157371b850} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation (Backdoor.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (%1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\hp\Local Settings\temp\nfscna.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\hp\Local Settings\temp\xjsqaf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\hp\Local Settings\temp\bjntws.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\hp\Local Settings\temp\winpidlqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\hp\Local Settings\temp\vdmwbh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\hp\Local Settings\temp\pakkj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ossmtp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
TL
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

on avance.

C'est OTL.txt qu'il me faut, pas extras.txt
0
abdel__ Messages postés 58 Statut Membre
 
je l'ai posté.....
Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2182
Windows 5.1.2600 Service Pack 3

26/05/2009 20:25:55
mbam-log-2009-05-26 (20-25-55).txt

Type de recherche: Examen rapide
Eléments examinés: 79284
Temps écoulé: 7 minute(s), 1 second(s)

Processus mémoire infecté(s): 6
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
C:\Documents and Settings\hp\Local Settings\temp\nfscna.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\hp\Local Settings\temp\xjsqaf.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\hp\Local Settings\temp\bjntws.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\hp\Local Settings\temp\winpidlqo.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\hp\Local Settings\temp\vdmwbh.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\hp\Local Settings\temp\pakkj.exe (Trojan.Downloader) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{a71c9f09-fd16-4efd-a939-a7157371b850} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation (Backdoor.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (%1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\hp\Local Settings\temp\nfscna.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\hp\Local Settings\temp\xjsqaf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\hp\Local Settings\temp\bjntws.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\hp\Local Settings\temp\winpidlqo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\hp\Local Settings\temp\vdmwbh.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\hp\Local Settings\temp\pakkj.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\ossmtp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
TL
0
Réponse 46 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

non, OTL génére 2 fichiers et MBAM 1.

J'ai besoin de l'autre créé par OTL.
0
Réponse 47 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

le monde de la désinfection est petit !

Je l'ai posté.....

oui, mais ailleurs .....
0
abdel__ Messages postés 58 Statut Membre
 
wawe sur l'autre site !! vous etes plus partique !!!! vous repondez vite !!!!
0
Réponse 48 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton Bureau

Clique droit sur le fichier OAD.exe et sur Propriétés, dans l'onglet Compatibilité, Cadre "Niveau de privilège" il faut cocher "Exécuter ce programme en tant qu'administrateur".

- nom de fichier à rechercher tape ou fais un copier coller de : 
gthrctr

- Type de recherche : sélectionne l'option 3 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

Note importante : Suivant la taille des disques dur cette recherche peut prendre plusieurs minutes. Sois patient(e)

==========

recommence avec : 
errox32
0
abdel__ Messages postés 58 Statut Membre
 
salut , impossible de faire les demarches suivantes : Clique droit sur le fichier OAD.exe et sur Propriétés, dans l'onglet Compatibilité, Cadre "Niveau de privilège" il faut cocher "Exécuter ce programme en tant qu'administrateur".
une fois que j'execute le programme la fentre apparait ou il y a affiché ecris le nom du fichier. cependant voila le rapport:
27/05/2009 ---- 19:47:23,67

----------------------------------
§§§§§§ [errox32] §§§§§§
----------------------------------
[ ] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


*******************
[Fichier]
*******************

c:\WINDOWS\system32\errox32.dll


*********************
[Même date]
*********************

[11/02/2009 ] ---> C:\tyuwq22.err
[11/02/2009 ] ---> C:\WINDOWS\system32\2555.kdx
[11/02/2009 ] ---> C:\WINDOWS\system32\assuntos.dll
[11/02/2009 ] ---> C:\WINDOWS\system32\config.dll
[11/02/2009 ] ---> C:\WINDOWS\system32\contatos.txt
[11/02/2009 ] ---> C:\WINDOWS\system32\errox32.dll
[11/02/2009 ] ---> C:\WINDOWS\system32\frases.dll
[11/02/2009 ] ---> C:\WINDOWS\system32\juhghhhxx.err
[11/02/2009 ] ---> C:\WINDOWS\system32\links.dll
[11/02/2009 ] ---> C:\WINDOWS\system32\logs.dll
[11/02/2009 ] ---> C:\WINDOWS\system32\mswinsck.ocx
[11/02/2009 ] ---> C:\WINDOWS\system32\thgfdf33.txt
[11/02/2009 ] ---> C:\WINDOWS\system32\total.dll



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
Réponse 49 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

sauf si le malware manipule les dates, tu es infecté depuis le 11 février !

Il me manque la première analyse, celle sur : 
gthrctr
0
abdel__ Messages postés 58 Statut Membre
 
fichier gthrctr introuvable !!! voila le message que je recois !!! en executant le programme
0
abdel__ Messages postés 58 Statut Membre
 
salut je voulais dire ca bloque : ca veut dire je Double clic sur OTL.exe pour le lancer. et Copie la liste qui se trouve en gras que vous m'avez donné,et je la colle dans la zone sous Customs Scans/Fixes . je clique sur runfix. alors la zone customs scans/fixes commence a affiché des phrases , quand ca s'arrete subitement. jé attendu plus de 2 heures . rien ne s'est passé. alors je me suis dis ca bloque !!!!!
jé appliqué vos consignes a la lettre !!!!
0
Réponse 50 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

Double clic sur OTL.exe pour le lancer.


Copie la liste qui se trouve en gras ci-dessous,

et colle-la dans la zone sous Customs Scans/Fixes 


:OTL
PRC - [2009/02/14 16:43:44 | 00,114,688 | ---- | M] () -- C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe Online.com 
PRC - [2009/02/14 16:43:44 | 00,114,688 | ---- | M] () -- C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe update.com
PRC - [2009/04/11 02:01:10 | 00,213,504 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
PRC - [2009/05/26 21:12:06 | 00,011,264 | ---- | M] () -- C:\Documents and Settings\hp\Local Settings\temp\winncgwby.exe 
PRC - [2009/05/26 21:12:16 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\hp\Local Settings\temp\kwyppv.exe 
PRC - [2009/05/26 21:30:36 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hp\Local Settings\Temporary Internet Files\Content.IE5\XH9O10LH\OTL[1].exe  

DRV - File not found -- -- (abp470n5 [On_Demand | Running])


O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\..\Toolbar\WebBrowser: (no name) - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - Reg Error: Key error. File not found 

O4 - Startup: C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe Online.com () 
O4 - Startup: C:\Documents and Settings\hp\Menu Démarrer\Programmes\Démarrage\Adobe update.com ()  

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present  

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present 

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present  
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present  
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present  

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel presen  
O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present  

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0  

O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 
O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1  
O7 - HKU\S-1-5-21-343818398-1960408961-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present 




O33 - MountPoints2\{7926b52a-980b-11dd-be1b-806d6172696f}\Shell\auto\command - "" = C:\Thumbs.com -- [2009/02/14 16:43:44 | 00,114,688 | RH-- | M] ()  
O33 - MountPoints2\{7926b52b-980b-11dd-be1b-806d6172696f}\Shell\auto\command - "" = D:\Thumbs.com -- [2009/02/14 16:43:44 | 00,114,688 | RH-- | M] ()  
O33 - MountPoints2\{87f7e4c1-ebd2-11dd-a7d2-4d6564696130}\Shell\auto\command - "" = F:\Thumbs.com -- File not found



[2009/05/26 17:18:59 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2304.exe 
[2009/05/26 17:12:43 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF1073.exe  
[2009/05/26 17:10:30 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF632.exe  

  
[2009/05/25 21:47:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\hp\Bureau\????? ? ????? ? ?????  
** - C:\Documents and Settings\hp\Bureau\????? ? ????? ? ?????  
 


[2009/02/11 02:48:02 | 00,002,638 | ---- | C] () -- C:\WINDOWS\System32\assuntos.dll  
[2009/02/11 02:47:38 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\total.dll  
[2009/02/11 02:47:23 | 00,000,517 | ---- | C] () -- C:\WINDOWS\System32\links.dll  
[2009/02/11 02:47:19 | 00,020,543 | ---- | C] () -- C:\WINDOWS\System32\frases.dll  
[2009/02/11 02:47:17 | 00,045,121 | ---- | C] () -- C:\WINDOWS\System32\logs.dll 
[2009/02/11 02:47:16 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\config.dll  
[2009/02/11 02:47:11 | 00,000,033 | ---- | C] () -- C:\WINDOWS\System32\errox32.dll  
 
 
[2009/05/26 17:18:53 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF2304.exe 
[2009/05/26 17:12:36 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF1073.exe 
[2009/05/26 17:10:21 | 00,401,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF632.exe 
 
 
[2009/05/20 01:02:13 | 00,484,240 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat  
[2009/05/20 01:02:13 | 00,081,596 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat  
 
[2009/05/02 02:52:57 | 00,395,650 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat  
[2009/05/02 02:52:57 | 00,059,890 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat  
 


@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
 


:reg
[-HKEY_CLASSES_ROOT\BrowserHelper.CBrowserHelper]
[-HKEY_CLASSES_ROOT\CLSID\{D5B72AED-E54A-11D6-B1B2-444553540000}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D5B72AEB-E54A-11D6-B1B2-444553540000}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5B72AED-E54A-11D6-B1B2-444553540000}B1B2-444553540000}]


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelper.CBrowserHelper]
clsid = -

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A1C811C-88FF-493B-98A9-83B4A649ACD9}]
progid =-
typelib =-
version =-

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A71C9F09-FD16-4EFD-A939-A7157371B850}]
progid =-
typelib =-
version =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB81FA79-DCD7-48A6-A710-A85BD5ED9640}]
progid =-
typelib =-
version =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C2A3FF36-C3A5-4334-968C-1DEA85AAA772}]

progid =-
typelib =-
version =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5B72AED-E54A-11D6-B1B2-444553540000}]
progid =-
typelib =-
version =-
threadingmodel =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06F979F8-6769-4E37-8F1E-682C5974AD65}]
forward =-
proxystubclsid =-
proxystubclsid32 =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2886D2A4-823A-4EEE-8334-ED4D6192E9CF}]
forward =-
proxystubclsid =-
proxystubclsid32 =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4ED7A4FC-6D07-4A22-AD0F-E00BC5168058}]
proxystubclsid =-
proxystubclsid32 =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{586E813A-46C0-4180-BC90-2092AD205300}]
proxystubclsid =-
proxystubclsid32 =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5A1A90F4-0C3A-42F5-A7F1-AE3755E24878}]
forward =-
proxystubclsid =-
proxystubclsid32 =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{72911F41-3592-4FCE-98FB-4DFE319E2936}]
forward =-
proxystubclsid =-
proxystubclsid32 =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8135CEB9-9BAB-40AE-B0E3-A7C0E5874A2D}]
forward =-
proxystubclsid =-
proxystubclsid32 =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9B8DBC24-6228-4F73-88C5-D215E10D05E6}]
proxystubclsid =-
proxystubclsid32 =-
proxystubclsid =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6C63D04-83A9-4B7B-A551-44CC9DBAC31A}]
proxystubclsid32 -
proxystubclsid =-
proxystubclsid32 =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5B72AEC-E54A-11D6-B1B2-444553540000}]
proxystubclsid =-
proxystubclsid32 =-
version =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA415FE0-F688-4EEB-8254-735C95E6BA34}]
forward =-
proxystubclsid =-
proxystubclsid32 =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OSSMTP.Attachment]
clsid =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OSSMTP.CustomHeader]
clsid =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OSSMTP.EmbeddedObject]
clsid =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\OSSMTP.SMTPSession]
clsid =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings]
filename0 =-
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avast =-


:files

C:\tyuwq22.err
C:\WINDOWS\system32\2555.kdx
C:\WINDOWS\system32\assuntos.dll
C:\WINDOWS\system32\config.dll
C:\WINDOWS\system32\contatos.txt
C:\WINDOWS\system32\errox32.dll
C:\WINDOWS\system32\frases.dll
C:\WINDOWS\system32\juhghhhxx.err
C:\WINDOWS\system32\links.dll
C:\WINDOWS\system32\logs.dll
C:\WINDOWS\system32\thgfdf33.txt
C:\WINDOWS\system32\total.dll


:commands
[emptytemp]


Clique sur RunFix pour lancer la suppression.


Poste le rapport.
0
abdel__ Messages postés 58 Statut Membre
 
resalut
ca marche pas le truc otl , j'applique ce que vous m'avez demandé , mais ca bloque !!!
0
Réponse 51 / 67
Noni
 
Remove Surabaya in my birthday virus/worm free
http://darfuns.com/remove-surabaya-happy-birthday-virus-worm/
0
Réponse 52 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

bien bloqué.

On réessaye comme ça :

Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Au moment où on te demandera d'enregistrer le fichier téléchargé, choisis bien le Bureau mais nomme le fichier antitruc.exe

* Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

Envoie le contenu de C:\ComboFix.txt dans ta prochaine réponse afin que je l'examine.
0
abdel__ Messages postés 58 Statut Membre
 
salut , je ne peux telecharger combofix ,je vous l'ai deja dis , quand meme jé essayé , et cé la meme chose , un message apparait a la fin du telechargement : impossible de renommer COMBOFIX par COMBOFIX1. apres tout disparait
0
Réponse 53 / 67
Utilisateur anonyme
 
salut essaie celui-ci (combofix renommé)
0
Réponse 54 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

je savais très bien que tu ne pouvais pas télécharger combofix par la procédure normale.

je ne crois pas que tu ais fais ce que j'ai demandé.

j'ai demandé à ce que tu renommes combofix.exe en antitruc.exe au moment de l'enregistrement (donc avant qu'il soit enregistré sur le disque dur).

==============

Je voudrais aussi que tu me dises ce qui s'est passé lors du dernier passage d'OTL.

Tu as dis "ça bloque". Ca veut dire quoi ?

Tu es tellement infecté que ça peut être très long.
0
abdel__ Messages postés 58 Statut Membre
 
ComboFix 09-05-28.09 - hp 29/05/2009 18:32.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.247.115 [GMT 0:00]
Lancé depuis: c:\documents and settings\hp\Bureau\antitruc.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-29 ))))))))))))))))))))))))))))))))))))
.

2009-05-22 00:25 . 2009-05-22 00:25 -------- d-----w c:\documents and settings\hp\Application Data\Auslogics
2009-05-22 00:25 . 2009-05-22 00:25 -------- d-----w c:\program files\Auslogics
2009-05-21 23:20 . 2009-05-26 20:01 -------- d--h--w C:\rsit
2009-05-21 19:28 . 2009-05-21 19:46 -------- d-----w c:\program files\Navilog1
2009-05-21 18:42 . 2009-05-22 18:30 -------- d--h--w C:\Lop SD
2009-05-21 18:30 . 2009-05-22 18:17 -------- d--h--w C:\ToolBar SD
2009-05-20 04:15 . 2009-05-20 04:15 1277024 ----a-w c:\documents and settings\hp\Application Data\Real\Update\setup\data\gtb\GOOGLE_TOOLBAR\googletoolbarinstaller.exe
2009-05-20 04:14 . 2009-05-20 04:14 233472 ----a-w c:\documents and settings\hp\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
2009-05-20 04:14 . 2009-05-20 04:14 176128 ----a-w c:\documents and settings\hp\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
2009-05-20 04:14 . 2009-05-20 04:14 1281120 ----a-w c:\documents and settings\hp\Application Data\Real\Update\setup\data\gtb_gds\GOOGLE_TOOLBAR\googletoolbarinstaller.exe
2009-05-20 04:14 . 2009-05-20 04:14 834152 ----a-w c:\documents and settings\hp\Application Data\Real\Update\setup\data\gds\GOOGLE_DESKTOP\gdssetup.exe
2009-05-20 04:14 . 2009-05-20 04:14 88064 ----a-w c:\documents and settings\hp\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
2009-05-20 04:14 . 2009-05-20 04:14 6418872 ----a-w c:\documents and settings\hp\Application Data\Real\Update\setup\data\ff\firefoxgoogletoolbarsetup.exe
2009-05-20 04:14 . 2009-05-20 04:14 132640 ----a-w c:\documents and settings\hp\Application Data\Real\Update\setup\schedule.exe
2009-05-20 04:14 . 2009-05-20 04:14 88576 ----a-w c:\documents and settings\hp\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
2009-05-17 18:32 . 2009-05-17 18:32 -------- d-----w c:\program files\WS_FTP
2009-05-17 17:53 . 2007-02-13 16:20 253008 ----a-w c:\windows\adirasx64.exe
2009-05-17 17:53 . 2007-02-07 16:51 169496 ----a-w c:\windows\system32\drivers\adiusbawx64.sys
2009-05-17 17:53 . 2007-02-07 16:50 118552 ----a-w c:\windows\system32\drivers\adiusbaw.sys
2009-05-17 17:53 . 2007-01-04 13:46 146968 ----a-w c:\windows\system32\drivers\e4usbawx64.sys
2009-05-17 17:53 . 2006-02-15 10:15 176128 ----a-w c:\windows\autoclk.exe
2009-05-17 17:53 . 2007-01-04 13:47 71832 ----a-w c:\windows\system32\drivers\e4ldrx64.sys
2009-05-17 17:53 . 2002-09-26 16:42 24576 ----a-w c:\windows\enddisk32.exe
2009-05-17 17:53 . 2007-02-07 16:50 58264 ----a-w c:\windows\system32\drivers\adildrx64.sys
2009-05-17 17:53 . 2007-02-07 16:50 56088 ----a-w c:\windows\system32\drivers\adildr.sys
2009-05-17 17:53 . 2006-12-22 13:18 316416 ----a-w c:\windows\system32\unaddrv.x64.exe
2009-05-17 17:52 . 2009-05-17 17:52 -------- d-----w c:\program files\SAGEM
2009-05-17 17:52 . 2009-05-17 17:52 -------- d-----w c:\documents and settings\hp\Application Data\InstallShield
2009-05-10 23:15 . 2009-05-10 23:15 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-10 22:26 . 2009-05-10 22:26 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-08 15:10 . 2009-05-29 18:20 -------- d-----w c:\program files\Eraser
2009-05-07 23:41 . 2009-05-07 23:41 10134 ----a-r c:\documents and settings\hp\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-05-07 23:41 . 2009-05-07 23:41 -------- d-----w c:\program files\HP
2009-05-01 22:39 . 2009-05-01 22:39 -------- d-----w c:\program files\ToniArts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 23:01 . 2008-10-18 13:38 65432 ----a-w c:\documents and settings\hp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 21:26 . 2008-11-09 18:37 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-26 20:07 . 2009-05-26 20:07 -------- d-----w c:\documents and settings\hp\Application Data\Malwarebytes
2009-05-26 20:06 . 2009-05-26 20:06 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-26 19:29 . 2009-05-19 23:30 -------- d-----w c:\program files\Trend Micro
2009-05-25 17:09 . 2009-05-25 17:09 426 ----a-w c:\documents and settings\hp\Autoexec.bat
2009-05-22 22:49 . 2009-05-20 02:19 -------- d-----w c:\program files\a-squared Free
2009-05-20 04:14 . 2009-05-18 12:30 -------- d-----w c:\program files\AMT
2009-05-20 04:14 . 2009-04-23 20:57 -------- d-----w c:\program files\iTunes
2009-05-20 04:14 . 2009-05-20 04:14 83968 ----a-w c:\documents and settings\hp\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
2009-05-20 04:13 . 2009-05-20 04:13 270336 ----a-w c:\documents and settings\hp\Application Data\LimeWire\browser\xulrunner\updater.exe
2009-05-20 01:39 . 2009-05-20 01:39 -------- d-----w c:\documents and settings\hp\Application Data\Windows Search
2009-05-20 01:38 . 2009-05-20 01:38 -------- d-----w c:\documents and settings\hp\Application Data\Windows Desktop Search
2009-05-20 01:02 . 2002-09-07 01:00 81596 ----a-w c:\windows\system32\perfc00C.dat
2009-05-20 01:02 . 2002-09-07 01:00 484240 ----a-w c:\windows\system32\perfh00C.dat
2009-05-20 01:01 . 2009-05-20 01:01 -------- d-----w c:\program files\Windows Desktop Search
2009-05-17 20:15 . 2008-10-12 17:00 -------- d-----w c:\program files\Menara
2009-05-17 18:36 . 2008-10-12 16:22 -------- d-----w c:\program files\Fichiers communs\Real
2009-05-17 18:35 . 2008-10-14 19:40 8552 ----a-w c:\windows\system32\drivers\asctrm.sys
2009-05-17 17:52 . 2008-10-12 17:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-28 17:34 . 2009-04-28 17:29 -------- d-----w c:\documents and settings\hp\Application Data\agi
2009-04-28 17:32 . 2009-04-28 17:32 -------- d-----w c:\documents and settings\LocalService\Application Data\agi
2009-04-28 17:29 . 2009-04-28 17:29 -------- d-----w c:\documents and settings\All Users\Application Data\agi
2009-04-28 17:27 . 2009-04-28 17:27 339968 ----a-w c:\windows\system32\pythoncom25.dll
2009-04-28 17:27 . 2009-04-28 17:27 2117632 ----a-w c:\windows\system32\python25.dll
2009-04-28 17:27 . 2009-04-28 17:27 114688 ----a-w c:\windows\system32\pywintypes25.dll
2009-04-28 17:27 . 2009-02-20 18:31 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-25 21:12 . 2009-04-25 20:59 -------- d-----w c:\program files\ElcomSoft
2009-04-25 21:09 . 2009-04-25 21:09 39424 ----a-w c:\windows\zipinst.exe
2009-04-25 00:12 . 2009-01-26 18:48 206400 ----a-w c:\documents and settings\hp\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-04-25 00:12 . 2009-01-26 18:48 156208 ----a-w c:\documents and settings\hp\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-04-25 00:12 . 2009-01-26 18:48 392728 ----a-w c:\documents and settings\hp\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2009-04-23 21:01 . 2009-04-23 21:01 -------- d-----w c:\documents and settings\hp\Application Data\Apple Computer
2009-04-23 21:01 . 2009-04-23 20:59 -------- d-----w c:\program files\QuickTime
2009-04-23 20:57 . 2009-04-23 20:56 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-23 20:56 . 2008-10-12 17:00 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-04-21 19:55 . 2009-04-20 21:46 -------- d-----w c:\program files\VideoLAN
2009-04-20 21:54 . 2009-04-20 21:54 -------- d-----w c:\documents and settings\hp\Application Data\dvdcss
2009-04-18 21:06 . 2009-04-18 21:06 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-04-17 21:21 . 2009-04-17 21:21 -------- d-----w c:\program files\Windows Media Connect 2
2009-04-12 19:47 . 2009-04-12 19:45 -------- d-----w c:\program files\Google
2009-04-12 01:14 . 2009-02-21 20:23 -------- d-----w c:\documents and settings\hp\Application Data\Smart PC Solutions
2009-04-12 01:14 . 2009-02-21 20:23 -------- d-----w c:\program files\Smart PC Solutions
2009-04-11 23:31 . 2009-04-11 23:31 5376 ----a-w c:\windows\system32\drivers\MS1000.sys
2009-04-11 20:52 . 2008-11-11 21:48 -------- d-----w c:\documents and settings\hp\Application Data\VoipBuster
2009-04-11 20:38 . 2009-04-11 20:35 -------- d-----w c:\documents and settings\hp\Application Data\InternetCalls
2009-04-11 20:18 . 2009-04-11 20:14 -------- d-----w c:\documents and settings\hp\Application Data\NetAppel
2009-04-11 02:01 . 2009-04-11 02:01 213504 ----a-w c:\documents and settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-03-08 22:39 . 2009-03-08 22:39 904680 ----a-w c:\documents and settings\hp\Application Data\MSNInstaller\msnauins.exe
2009-03-08 04:34 . 2004-08-19 21:09 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 04:34 . 2004-08-19 21:09 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 04:33 . 2004-08-19 21:09 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 04:33 . 2004-08-19 21:09 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 04:32 . 2004-08-19 21:09 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 04:32 . 2004-08-19 21:09 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 04:31 . 2004-08-19 21:09 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 04:31 . 2004-08-19 21:08 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 04:31 . 2004-08-19 21:10 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 04:22 . 2002-09-07 01:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:20 . 2004-08-19 21:09 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-14 16:43 . 2009-02-14 16:43 114688 ------r C:\Program Files .scr
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1768960]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3987808]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-12 39408]
"Eraser"="c:\program files\Eraser\eraser.exe" [2003-07-25 679936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-23 229376]
"RealTray"="c:\program files\Real\RealOne Player\realplay.exe" [2009-05-17 181760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\hp\Menu D‚marrer\Programmes\D‚marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-4-11 213504]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - c:\program files\Menara\dslmon.exe [2008-10-12 909312]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\WINDOWS\\system32\\netsh.exe"=
"c:\\Program Files\\ToniArts\\EasyCleaner\\EasyClea.exe"=
"c:\\Program Files\\Windows Live\\Toolbar\\wltuser.exe"=
"c:\\WINDOWS\\system32\\SearchProtocolHost.exe"=
"c:\\Program Files\\Windows Desktop Search\\WindowsSearch.exe"=
"c:\\WINDOWS\\system32\\WISPTIS.EXE"=
"c:\\Program Files\\QuickTime\\qttask.exe"=
"c:\\Program Files\\Menara\\dslmon.exe"=
"c:\\Documents and Settings\\hp\\Application Data\\Microsoft\\Notification de cadeaux MSN\\lsnfier.exe"=
"c:\\Program Files\\Eraser\\eraser.exe"=

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [08/03/2009 22:41 55152]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\gmepnn.sys --> c:\windows\system32\drivers\gmepnn.sys [?]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [12/10/2008 17:03 114616]
S2 AGWinService;AG Windows Service;"c:\program files\AGI\common\win32\PythonService.exe" --> c:\program files\AGI\common\win32\PythonService.exe [?]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [12/10/2008 17:03 63555]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [02/08/2005 21:10 32512]
.
Contenu du dossier 'Tâches planifiées'

2009-05-29 c:\windows\Tasks\User_Feed_Synchronization-{4DF9536E-79E9-41D1-B7BA-D4BB961EFCBD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]

2009-05-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 22:18]
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-procexp90.Sys


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.bladinet.net/
mWindow Title =
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8f4ca0d0e1e64f9880ca97f50b1810a0
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8f4ca0d0e1e64f9880ca97f50b1810a0
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 18:35
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Heure de fin: 2009-05-29 18:39
ComboFix-quarantined-files.txt 2009-05-29 18:39
ComboFix2.txt 2009-05-24 21:00

Avant-CF: 13 116 719 104 octets libres
Après-CF: 13 108 506 624 octets libres

224 --- E O F --- 2009-05-27 01:27
0
Réponse 55 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

Je voudrais aussi que tu me dises ce qui s'est passé lors du dernier passage d'OTL.

Tu as dis "ça bloque". Ca veut dire quoi ?

Tu es tellement infecté que ça peut être très long.
0
abdel__ Messages postés 58 Statut Membre
 
saut , jé cliqué sur OTL.exe 2fois pour le lancer. jé Copie la liste qui se trouve en gras que vous m'avez donné, je l'ai collèe dans la zone sous Customs Scans/Fixes .puis jé cliqué sur run fix.
des messages se sont defillés dans la meme zone.
et s'arrete apres 20 segondes a peu pret.
apres j'ai attendu plus de deux heures , et rien ne s'esrt passé!!! don je me suis dis ca s'est bloqué !!!
0
Réponse 56 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

Copie ou imprime les instructions avant

Déconnecte toi d'internet et ferme toutes tes applications.

Désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

Driver::
abp470n5

Rootkit:: 
C:\Program Files .scr
c:\windows\system32\drivers\gmepnn.sys


Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:0
"DisableRegistryTools"=dword:0


Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe

Clique sur le fichier CFscript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFscrïpt vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Réactive ton parefeu, ton antivirus, la garde de ton antispyware

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Attention : cette manip a été fait pour cet ordi. Tout réutilisation peut endommager sévèrement le système d'exploitation.

=============

Refais tourner OTL et poste le rapport.
0
abdel__ Messages postés 58 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:21:52, on 30/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealOne Player\realplay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Menara\dslmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\winfkdpes.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\winsowdc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\DOCUME~1\hp\LOCALS~1\Temp\ldhd.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\wingtxh.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\winpqiay.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\nikkra.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\winbctyr.exe
C:\DOCUME~1\hp\LOCALS~1\Temp\bolrf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bladinet.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealOne Player\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\hp\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8f4ca0d0e1e64f9880ca97f50b1810a0
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8f4ca0d0e1e64f9880ca97f50b1810a0
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=24931
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71BA674A-663F-49DA-92FE-8E035C1A530A}: NameServer = 62.251.229.223 62.251.229.237
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)
0
Réponse 57 / 67
Utilisateur anonyme
 
salut Lyonnais je crois que c'est Conficker

je retire Combofix du lien
0
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

tu peux donner les lignes concernées ?

je ne comprends pas "je retire Combofix du lien"
0
Réponse 58 / 67
Utilisateur anonyme
 
lignes concernées :

File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winrlxd.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\jeiynh.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winesucgg.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\gchcu.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winepdnd.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winmvpq.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winrqkhjn.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winnpbwh.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\xebsw.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winejqdff.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winbbbx.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winktucb.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\ojkc.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\oyknyy.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\snssj.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winuqhjym.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winskpoop.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\wingvoie.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winegtbcl.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\nfscna.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winskdmg.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\rcgbkq.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winovrdk.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\winrugi.exe:*:Enabled:ipsec
File not found -- C:\DOCUME~1\hp\LOCALS~1\Temp\gjnuj.exe:*:Enabled:ipsec

j'ai retiré Combofix du lien :

http://www.commentcamarche.net/forum/affich 12529924 surabaya?page=3#79
0
Réponse 59 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

si tu continues à faire n'importe quoi, in va pas avancer.

Fais ce que je demande.

Je ne te répondrai désormais que quand j'aurais eu exactement ce que j'ai demandé.

Donc rapport combofix
rapport OTL
diagnostic de EyeChart
0
abdel__ Messages postés 58 Statut Membre
 
salut ,vous me recevez ? jé envoyé les rapports que vous m'avez demandé
0
^^Marie^^ Messages postés 126523 Date d'inscription   Statut Membre Dernière intervention   3 279 > abdel__ Messages postés 58 Statut Membre
 
Bonsoir

Doit être trop long ton rapport, donc essaie de le poster en le coupant en plusieurs fois

++
0
Réponse 60 / 67
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonsoir,

merci de ton intervention ^^Marie^^.

abdel__ comme tu dois pouvoir le voir, il n'y a pas de rapport dans ta réponse.
0
abdel__ Messages postés 58 Statut Membre
 
je lé posté sur zubelon
0

Discussions similaires

Virus Surabaya
Aiondar -
Malekal_morte- -

7 réponses
Surabaya
pinkpathart -
Malekal_morte- -

21 réponses
Surabaya virus
Lebloleen -
lilidurhone -

22 réponses
Virus Surabaya in my birthday
smith31 -
badre110 -

17 réponses
virus surabaya 81u3f4nt45y
antari.mostafa -
cooboy -

7 réponses