Error loading dll 32

Closed
estrelladamore (Posts: 2, Registered: Monday 8 June 2009, Status: Member, Last activity: 8 June 2009) - 8 June 2009 at 15:14
Last reply: estrelladamore - 10 June 2009 at 10:39
Hello,
For some time now I have been getting the message "error loading dll 32", and lots of other windows open.
I think I am infected with a virus. Right now I am running a scan with Malwarebytes; what should I do afterwards? Thanks.
PS: I am on Windows Vista with a laptop.
17 replies

jlpjlp (Posts: 51580, Registered: Friday 18 May 2007, Status: Security contributor, Last activity: 3 May 2022)
8 June 2009 at 15:20
Hi, which DLL?

Paste the Malwarebytes report,

and then:

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimized in the Taskbar).

NB: The reports are saved in the C:\rsit folder.
estrelladamore (Posts: 2, Registered: Monday 8 June 2009, Status: Member, Last activity: 8 June 2009)
8 June 2009 at 15:22
Thanks for replying. As soon as my scan is finished I will paste the report on the forum.
estrelladamore
9 June 2009 at 12:54
Hello,
I am back because the scan took longer than expected, so I resumed it today.
I am posting the report.
Thanks.


Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2182
Windows 6.0.6001 Service Pack 1

09/06/2009 12:52:27
mbam-log-2009-06-09 (12-52-10).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 225181
Temps écoulé: 4 hour(s), 8 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 36
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 15
Dossier(s) infecté(s): 27
Fichier(s) infecté(s): 118

jlpjlp (Posts: 51580, Registered: Friday 18 May 2007, Status: Security contributor, Last activity: 3 May 2022)
9 June 2009 at 13:13
OK.

And to think you only suspected the PC was infected...

Remove everything,

then empty the Malwarebytes quarantine,
then post a quick scan with Malwarebytes again,
then post an RSIT report.
estrelladamore
9 June 2009 at 13:18
I ran the report with RSIT as you told me. I have the report and am pasting it.

Logfile of random's system information tool 1.06 (written by random/random)
Run by KAMEL at 2009-06-09 12:57:45
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 98 GB (64%) free of 153 GB
Total RAM: 3070 MB (59% free)

HijackThis download failed

"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{190ce19b-58b2-11dd-aee3-001fc6559333}]
shell\AutoRun\command - uvg.com
shell\explore\command - uvg.com
shell\open\command - uvg.com


======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"
.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-06-09 12:57:46 ----D---- C:\Program Files\trend micro
2009-06-09 12:57:45 ----D---- C:\rsit
2009-06-08 14:54:11 ----D---- C:\Users\KAMEL\AppData\Roaming\Malwarebytes
2009-06-08 14:54:05 ----D---- C:\ProgramData\Malwarebytes
2009-06-08 14:54:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of files/folders modified in the last 1 months======

2009-06-09 12:57:46 ----RD---- C:\Program Files
2009-06-09 12:57:37 ----D---- C:\Windows\Temp
2009-06-09 12:56:51 ----D---- C:\Windows\System32
2009-06-09 12:56:51 ----D---- C:\Windows\inf
2009-06-09 12:56:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-09 12:53:40 ----D---- C:\Windows\system32\WDI
2009-06-09 08:46:13 ----D---- C:\Windows\system32\Tasks
2009-06-09 08:29:07 ----A---- C:\Windows\system32\acovcnt.exe
2009-06-08 14:54:06 ----D---- C:\Windows\system32\drivers
2009-06-08 14:54:05 ----HD---- C:\ProgramData
2009-06-08 14:36:28 ----D---- C:\Windows
2009-06-08 14:32:31 ----D---- C:\Windows\system32\wbem
2009-06-08 14:28:16 ----D---- C:\Windows\Tasks
2009-06-08 14:28:16 ----D---- C:\Windows\system32\spool
2009-06-08 14:28:16 ----D---- C:\Windows\system32\CodeIntegrity
2009-06-08 14:28:16 ----D---- C:\Windows\system32\catroot2
2009-06-08 14:28:16 ----D---- C:\Internet Antivirus Pro
2009-06-08 14:28:15 ----D---- C:\Users\KAMEL\AppData\Roaming\vlc
2009-06-08 14:28:15 ----D---- C:\Users\KAMEL\AppData\Roaming\Internet Antivirus Pro
2009-06-08 14:28:15 ----D---- C:\ProgramData\P4G
2009-06-08 14:28:15 ----D---- C:\Program Files\PKR
2009-06-08 14:28:14 ----D---- C:\Windows\registration
2009-06-08 14:28:14 ----D---- C:\Program Files\LimeWire
2009-06-08 14:28:14 ----D---- C:\Program Files\Internet Antivirus Pro
2009-06-08 14:28:14 ----D---- C:\Program Files\Everest Poker
2009-06-08 14:25:21 ----SHD---- C:\System Volume Information
2009-06-08 14:22:06 ----D---- C:\Windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-09-02 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20081028.001\IDSvix86.sys [2008-09-12 270384]
R1 ItSDisk;ItSDisk; C:\Windows\System32\Drivers\ItSDisk.sys [2006-05-17 23232]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2007-04-14 418104]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-10-03 187952]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-24 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-08-23 1201312]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x86.sys [2007-10-31 46592]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-20 3478528]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-06-17 146824]
R3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-06-30 19456]
R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-06-30 29184]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam; C:\Windows\system32\DRIVERS\etDevice.sys [2007-09-06 474624]
R3 FiltUSBET;ET USB Device Lower Filter; C:\Windows\system32\DRIVERS\etFilter.sys [2007-10-15 206336]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-28 1951000]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-05-26 40160]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-21 2222080]
R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
R3 ScanUSBET;ET USB Still Image Capture Device; C:\Windows\system32\DRIVERS\etScan.sys [2007-09-06 6656]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-10-03 12848]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-01-09 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-10-03 146096]
R3 SYMIDS;SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [2008-10-03 39984]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-10-03 37936]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-10-03 27696]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-03 182456]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-06-30 220160]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 JL2005C;Dual Mode Camera; C:\Windows\System32\Drivers\jl2005c.sys [2007-08-08 68922]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081028.004\NAVENG.SYS [2008-08-21 89104]
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081028.004\NAVEX15.SYS []
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-14 4422560]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-08-23 13312]
R2 ASBroker;Courtier de session de connexion; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Canal de communication local; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-06 94208]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-12-20 643072]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-24 358936]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2007-01-09 108648]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 SymAppCore;Symantec AppCore Service; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [2007-01-05 47712]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-09-11 1251720]
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S2 websrvx;websrvx; C:\Program Files\websrvx\websrvx.exe []
S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-01-12 49248]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-22 137200]
S3 ISPwdSvc;Symantec IS Password Validation; C:\Program Files\Norton Internet Security\isPwdSvc.exe [2007-01-14 80504]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
9 June 2009 at 13:31
Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

[if I suspect a Bagle infection, I add:

under the name antibagle. Do this before the file is saved to the desktop]

Disconnect from the Internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).


Double-click combofix.exe and follow the instructions.

At the end, it will produce a report, C:\ComboFix.txt

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy and paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


_______________________


Paste a HijackThis report


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

E.g. rename the file HijackThis.exe to eden.exe: to do so, right-click the file HijackThis.exe and choose Rename from the list.

Then, with Explorer, create a folder c:\hijackthis
Unpack HijackThis into that folder.
It is important for the backups.
0
estrelladamore
9 June 2009 at 15:59
Impossible to launch it: Norton blocks everything and I can't manage to disable it, I've tried everything.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
9 June 2009 at 16:20
Remove Norton like this if you have the codes ...

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

then redo the previous message

See you later
0
estrelladamore
9 June 2009 at 17:03
That's done. ComboFix report:

ComboFix 09-06-08.05 - KAMEL 09/06/2009 16:33.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.2261 [GMT 2:00]
Lancé depuis: c:\users\KAMEL\Desktop\antibagle.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\users\KAMEL\AppData\Local\kgcuk.dat
c:\users\KAMEL\AppData\Local\kgcuk_nav.dat
c:\users\KAMEL\AppData\Local\kgcuk_navps.dat
c:\users\KAMEL\AppData\Local\usuqweu.dat
c:\users\KAMEL\AppData\Local\usuqweu_nav.dat
c:\users\KAMEL\AppData\Local\usuqweu_navps.dat
c:\windows\9g234sdfdfgjf23
c:\windows\system32\acovcnt.exe
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\x1
D:\Autorun.inf
D:\resycled

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GAOPDXSERV.SYS
-------\Service_gaopdxserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-05-09 au 2009-06-09 ))))))))))))))))))))))))))))))))))))
.

2009-06-09 14:57 . 2009-06-09 14:57 -------- d-sh--w- \$RECYCLE.BIN
2009-06-09 14:49 . 2009-06-09 14:57 -------- d-----w- c:\users\KAMEL\AppData\Local\temp
2009-06-09 14:49 . 2009-06-09 14:49 -------- d-----w- C:\temp
2009-06-09 14:49 . 2009-06-09 14:49 -------- d-----w- \temp
2009-06-09 14:31 . 2009-06-09 14:57 -------- d-s---w- \antibagle
2009-06-09 12:40 . 2009-06-09 13:05 -------- d-----w- C:\hijackthis
2009-06-09 12:40 . 2009-06-09 13:05 -------- d-----w- \hijackthis
2009-06-09 12:19 . 2009-06-09 12:45 -------- d-sh--w- \Config.Msi
2009-06-09 12:06 . 2009-06-09 12:06 -------- d-----w- c:\users\KAMEL\AppData\Roaming\PeerNetworking
2009-06-09 11:47 . 2009-06-09 14:33 -------- d-----w- \Qoobox
2009-06-09 10:57 . 2009-06-09 10:57 -------- d-----w- c:\program files\trend micro
2009-06-09 10:57 . 2009-06-09 10:57 -------- d-----w- C:\rsit
2009-06-09 10:57 . 2009-06-09 10:57 -------- d-----w- \rsit
2009-06-08 12:54 . 2009-06-08 12:54 -------- d-----w- c:\users\KAMEL\AppData\Roaming\Malwarebytes
2009-06-08 12:54 . 2009-06-08 12:54 -------- d-----w- c:\programdata\Malwarebytes

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 14:55 . 2009-03-06 17:31 3218358272 --sha-w- \hiberfil.sys
2009-06-09 14:55 . 2008-06-29 08:31 3534008320 --sha-w- \pagefile.sys
2009-06-09 14:54 . 2007-04-18 08:33 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-09 14:25 . 2007-04-18 09:09 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-09 14:25 . 2007-04-18 09:09 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-09 14:16 . 2008-06-28 17:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 14:15 . 2008-06-28 17:51 -------- d-----w- c:\programdata\Symantec
2009-06-09 13:06 . 2009-06-09 13:06 -------- d-----w- c:\windows\Fonts\AdvUninstal
2009-06-09 11:54 . 2008-07-24 16:18 -------- d-----w- c:\program files\Google
2009-06-09 11:32 . 2008-07-24 16:11 -------- d-----w- c:\program files\LimeWire
2009-06-09 11:31 . 2009-03-06 21:14 -------- d-----w- c:\program files\Yahoo!
2009-06-09 06:29 . 2009-04-07 09:54 90 ----a-w- c:\users\KAMEL\AppData\Local\ykwmmww.bat
2009-06-08 12:28 . 2008-12-14 02:25 -------- d-----w- c:\users\KAMEL\AppData\Roaming\vlc
2009-06-08 12:28 . 2008-04-24 17:22 -------- d-----w- c:\programdata\P4G
2009-04-21 10:45 . 2009-04-21 10:45 -------- d-----w- c:\program files\Alwil Software
2009-03-28 08:37 . 2008-12-17 01:10 90 ----a-w- c:\users\KAMEL\AppData\Local\jgcfu.bat
2009-03-24 01:29 . 2009-03-24 01:29 86576 ----a-w- c:\users\KAMEL\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-03-24 01:29 . 2009-03-24 01:29 392728 ----a-w- c:\users\KAMEL\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-03-24 01:29 . 2009-03-24 01:29 132672 ----a-w- c:\users\KAMEL\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-12 2084480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6219F87F-0EEE-4895-B83F-6FC85233C2CC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9C1B4FE6-045D-4E29-8A22-60CD8847DC84}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{117B4854-5E84-4161-97F2-E5B4EFF53A47}"= Profile=Public|c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{41E10C4E-3B96-4358-BF1A-722A51F474E0}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{44241F38-43DC-4311-892A-47CE238F79A5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C966DEC3-BCAF-4B3E-BF9E-3255BECE9399}"= Disabled:UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{49969F53-ED08-4A7A-99C0-8767E8B3CBCD}"= Disabled:TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{ADA5B30F-C849-4788-A6AD-9444BB1A20CE}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8721B529-2E63-4141-A895-83F219B19352}"= Disabled:c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DisabledInterfaces"= {4D74C580-829B-41DB-A0E6-28683473FD6E},{A3437C59-72D5-4633-952B-34DDFCE99535},{43E4AD5A-D519-4B01-AEBC-A4002F493176}

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [24/04/2008 19:18 15416]
R1 ItSDisk;ItSDisk;c:\windows\System32\drivers\itsdisk.sys [17/05/2006 03:13 23232]
R2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [26/07/2008 17:51 21504]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [26/07/2008 17:51 21504]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\l160x86.sys [31/10/2007 13:55 46592]
R3 DCamUSBET;USB2.0 1.3M UVC WebCam;c:\windows\System32\drivers\etDevice.sys [06/09/2007 10:43 474624]
R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\System32\drivers\etFilter.sys [15/10/2007 09:39 206336]
R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\System32\drivers\etScan.sys [06/09/2007 17:45 6656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-06-09 c:\windows\Tasks\User_Feed_Synchronization-{4F12255F-9404-4EC0-B6BB-7CBB99B9DA5C}.job
- c:\windows\system32\msfeedssync.exe [2008-07-26 07:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-Internet Antivirus Pro - c:\program files\Internet Antivirus Pro\IAPro.exe
HKCU-Explorer_Run-forand - c:\users\KAMEL\Documents\LimeWire\Incomplete\forand.exe
SafeBoot-procexp90.Sys


.
------- Examen supplémentaire -------
.
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
.
------- Associations de fichier -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 16:57
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\windows\TEMP\TMP0000003F7DD975D5137C72FC 524288 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2618065620-4283355869-4112300145-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:e8,5b,94,3c,55,93,33,00
DUMPHIVE0.003 (REGF)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ASWLNPkg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(3104)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItMsg.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\bin\FRA\SFSShell.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ATK Hotkey\AsLdrSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\System32\wlanext.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\ASPG.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\System32\conime.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Heure de fin: 2009-06-09 17:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-09 15:01

Avant-CF: 107 394 478 080 octets libres
Après-CF: 107 353 804 800 octets libres

217 --- E O F --- 2009-01-15 15:20
0
estrelladamore
9 June 2009 at 17:05
and the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:14, on 09/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
0
estrelladamore
9 June 2009 at 17:05
and the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:14, on 09/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\hijackthis\eden.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - AppInit_DLLs: C:\Windows\System32\APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
9 June 2009 at 17:07
to remove your traces, use

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
(in Options, then Advanced: uncheck the box: delete files older than 48 hours)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-----------------------

paste the report from an online scan
using one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
estrelladamore
9 June 2009 at 17:39
I think I'll paste the report tomorrow morning, thanks a lot, see you tomorrow
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
9 June 2009 at 17:56
ok, after that we'll need to see about putting an antivirus back: Norton, are you paying for it?
0
estrelladamore
10 June 2009 at 09:45
hello

so Norton was a trial version; that's it, I've run the online scan, I'm pasting it
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-06-10 09:42:59
PROTECTIONS: 1
MALWARE: 7
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.1505.0 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@tradedoubler[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@tradedoubler[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@xiti[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@ad.yieldmanager[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@advertising[3].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@advertising[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@smartadserver[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\KAMEL\AppData\Roaming\Microsoft\Windows\Cookies\kamel@smartadserver[2].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location Du@^9
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description Du@^9
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
10 June 2009 at 10:31
ok, no infection found

to immunize your PC and your USB keys: plug them in, then run RAV and choose to protect the PC
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

________________

run ToolsCleaner to remove the tools that were used:

http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

__________________

disable System Restore, then restart your PC, then re-enable it
https://forums.cnetfrance.fr/tutoriels-windows-7-8-et-autres-sytemes/104365-desactiver-la-restauration-du-systeme-vista

then
install Antivir as your antivirus, which is free and very good
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

manual
http://www.libellules.ch/tuto_antivir.php

there, that's it

if you still have problems, say so

to protect your computer for free
http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

ANTIVIR
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware tools:
MALWAREBYTE ANTIMALWARE + SPYBOT
+
SPYWAREBLASTER to immunize the system, notably against Vundo, but it is in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...

--------
a firewall:
(the Windows one) or better, COMODO or KERIO or JETICO or ZONE ALARM (install only the free firewall)

http://www.clubic.com/telecharger-fiche11071-sunbelt-persona­l-firewall-e(...)
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER to erase browsing traces
0
estrelladamore
10 June 2009 at 10:39
okay, I'll do all that, thanks a lot, in any case it's really cool of you to have helped me
thanks
0