HijackThis report following an infection

Nico
Hello,

After finding numerous trojans with Malwarebytes, Dr.Web CureIt and Spybot, I am turning to you to find out whether my infection is really over.

Indeed, the scans no longer show anything.

However, to be more certain, here is the HijackThis report.

Thank you.

Regards,
Nico

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:12, on 09/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\InstantTimeZone\InstantTimeZone.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Amel\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.univ-orleans.fr/fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.asus.com/fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: errorsafe.com ## added by CiD
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {561c2b22-43bb-49dd-a378-a84d2a99bb7b} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Wireless Console] C:\Program Files\ASUS\Wireless Console\wcourier.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{072A568B-7B71-4B91-BA83-A3A9A8A849ED}: NameServer = 163.9.1.2,163.9.6.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{756270D5-9D86-4FB8-BAF0-1E930D3929EB}: Domain = cnrs-orleans.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{756270D5-9D86-4FB8-BAF0-1E930D3929EB}: NameServer = 163.9.1.2,163.9.6.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{072A568B-7B71-4B91-BA83-A3A9A8A849ED}: NameServer = 163.9.1.2,163.9.6.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{072A568B-7B71-4B91-BA83-A3A9A8A849ED}: NameServer = 163.9.1.2,163.9.6.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\lutovute.dll c:\windows\system32\
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

14 replies

jlpjlp
 
Hi,

# Download Hoster:
http://www.funkytoad.com/download/HostsXpert.zip

# Unzip the folder onto the desktop.
# Run Hoster and click Restore Microsoft's Hosts File

If that is not possible, run RHosts

http://siri.urz.free.fr/RHosts.php

________________

Download Lop S&D.exe to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
Nico
 
Thank you.

I ran RHost successfully.

Here is the Lop S&D report:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Default System BIOS
USER : Amel ( Administrator )
BOOT : Normal boot
Antivirus : Symantec AntiVirus Corporate Edition 10.1.0.394 (Activated)
C:\ (Local Disk) - FAT32 - Total:43 Go (Free:18 Go)
D:\ (Local Disk) - FAT32 - Total:29 Go (Free:9 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 09/06/2009|14:38 )

--------------------\\ Listing des dossiers dans APPLIC~1

[10/10/2006|11:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[10/10/2006|12:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[10/10/2006|12:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[10/10/2006|12:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Logitech
[10/10/2006|11:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/10/2006|12:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[03/06/2009|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[10/10/2006|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/12/2006|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[03/06/2009|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[03/06/2009|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18/03/2007|07:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ConeXware
[17/12/2006|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[10/10/2006|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[08/06/2009|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/10/2006|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Micro Application
[10/10/2006|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[19/06/2007|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[10/10/2006|11:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[16/04/2009|06:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[08/06/2009|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[10/10/2006|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[30/04/2008|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[19/11/2006|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Time Global Real Type
[10/10/2006|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[10/03/2007|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[10/10/2006|11:37] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[10/10/2006|11:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[07/05/2009|14:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[10/10/2006|11:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[10/10/2006|12:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[07/05/2009|14:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ipswitch
[10/10/2006|12:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Logitech
[07/05/2009|14:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[10/10/2006|11:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[07/05/2009|14:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[10/10/2006|12:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[10/10/2006|16:47] C:\DOCUME~1\AMEL\APPLIC~1\Adobe
[23/10/2006|06:47] C:\DOCUME~1\AMEL\APPLIC~1\AdobeUM
[17/12/2006|08:08] C:\DOCUME~1\AMEL\APPLIC~1\Ahead
[03/06/2009|12:16] C:\DOCUME~1\AMEL\APPLIC~1\Apple Computer
[14/10/2007|10:30] C:\DOCUME~1\AMEL\APPLIC~1\EndNote
[10/10/2006|11:48] C:\DOCUME~1\AMEL\APPLIC~1\Identities
[10/10/2006|12:15] C:\DOCUME~1\AMEL\APPLIC~1\Intel
[10/10/2006|12:00] C:\DOCUME~1\AMEL\APPLIC~1\InterTrust
[06/12/2007|15:03] C:\DOCUME~1\AMEL\APPLIC~1\Ipswitch
[10/10/2006|12:04] C:\DOCUME~1\AMEL\APPLIC~1\Logitech
[10/10/2006|14:14] C:\DOCUME~1\AMEL\APPLIC~1\Macromedia
[08/06/2009|12:56] C:\DOCUME~1\AMEL\APPLIC~1\Malwarebytes
[10/10/2006|11:37] C:\DOCUME~1\AMEL\APPLIC~1\Microsoft
[16/11/2006|20:29] C:\DOCUME~1\AMEL\APPLIC~1\Mozilla
[21/10/2006|20:01] C:\DOCUME~1\AMEL\APPLIC~1\MSNInstaller
[17/03/2007|03:13] C:\DOCUME~1\AMEL\APPLIC~1\Real
[10/03/2007|10:52] C:\DOCUME~1\AMEL\APPLIC~1\Screenshot Sender
[16/04/2009|06:37] C:\DOCUME~1\AMEL\APPLIC~1\Skype
[13/05/2009|18:11] C:\DOCUME~1\AMEL\APPLIC~1\skypePM
[13/11/2007|02:39] C:\DOCUME~1\AMEL\APPLIC~1\Sun
[10/10/2006|12:07] C:\DOCUME~1\AMEL\APPLIC~1\Symantec
[10/03/2007|10:52] C:\DOCUME~1\AMEL\APPLIC~1\The link
[02/04/2009|08:52] C:\DOCUME~1\AMEL\APPLIC~1\U3

[23/11/2006|09:49] C:\DOCUME~1\MED_CLIM\APPLIC~1\Adobe
[04/12/2006|14:34] C:\DOCUME~1\MED_CLIM\APPLIC~1\AdobeUM
[10/10/2006|11:48] C:\DOCUME~1\MED_CLIM\APPLIC~1\Identities
[10/10/2006|12:15] C:\DOCUME~1\MED_CLIM\APPLIC~1\Intel
[10/10/2006|12:00] C:\DOCUME~1\MED_CLIM\APPLIC~1\InterTrust
[17/06/2008|12:53] C:\DOCUME~1\MED_CLIM\APPLIC~1\Ipswitch
[10/10/2006|12:04] C:\DOCUME~1\MED_CLIM\APPLIC~1\Logitech
[24/11/2006|19:01] C:\DOCUME~1\MED_CLIM\APPLIC~1\Macromedia
[10/10/2006|11:37] C:\DOCUME~1\MED_CLIM\APPLIC~1\Microsoft
[23/11/2006|09:56] C:\DOCUME~1\MED_CLIM\APPLIC~1\Mozilla
[04/06/2007|09:07] C:\DOCUME~1\MED_CLIM\APPLIC~1\Real
[10/10/2006|12:07] C:\DOCUME~1\MED_CLIM\APPLIC~1\Symantec

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[03/06/2009 12:13][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/06/2009 14:37][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[09/06/2009 14:00][--ah-----] C:\WINDOWS\tasks\AE60F2D591936405.job
[09/06/2009 13:29][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( AE60F2D591936405.job )=( c:\docume~1\amel\applic~1\thelin~1\TICKLIVEBARB.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[10/10/2006|16:44] C:\Program Files\Adobe
[15/12/2006|19:29] C:\Program Files\Ahead
[10/10/2006|11:59] C:\Program Files\AnwSoft
[03/06/2009|12:13] C:\Program Files\Apple Software Update
[10/10/2006|11:59] C:\Program Files\ASUS
[20/10/2006|18:52] C:\Program Files\BeWAN ADSL V1.9.0.5
[03/06/2009|12:15] C:\Program Files\Bonjour
[21/03/2008|15:12] C:\Program Files\CambridgeSoft
[30/04/2008|14:57] C:\Program Files\CCleaner
[10/10/2006|11:45] C:\Program Files\ComPlus Applications
[10/10/2006|11:58] C:\Program Files\CONEXANT
[17/12/2006|07:54] C:\Program Files\DVD Shrink
[14/10/2007|10:29] C:\Program Files\EndNote 9
[10/10/2006|11:38] C:\Program Files\Fichiers communs
[10/10/2006|13:57] C:\Program Files\F-Secure
[26/03/2007|17:43] C:\Program Files\Golden Software
[24/10/2006|17:57] C:\Program Files\Hewlett-Packard
[10/10/2006|11:57] C:\Program Files\InstallShield Installation Information
[30/04/2008|15:03] C:\Program Files\InstantTimeZone
[10/10/2006|12:03] C:\Program Files\Intel
[10/10/2006|11:46] C:\Program Files\Internet Explorer
[23/11/2006|11:09] C:\Program Files\IPScan
[06/12/2007|15:03] C:\Program Files\Ipswitch
[13/11/2007|02:26] C:\Program Files\Java
[10/10/2006|12:04] C:\Program Files\Logitech
[10/10/2006|11:45] C:\Program Files\Messenger
[10/03/2007|10:52] C:\Program Files\Messenger Plus! Live
[10/03/2007|10:13] C:\Program Files\MessengerPlus! 3
[11/10/2006|11:19] C:\Program Files\Micro Application
[12/05/2007|11:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10/10/2006|11:49] C:\Program Files\microsoft frontpage
[11/10/2006|10:27] C:\Program Files\Microsoft Office
[11/10/2006|10:27] C:\Program Files\Microsoft Visual Studio
[19/06/2007|11:02] C:\Program Files\Microsoft Works
[19/06/2007|11:01] C:\Program Files\Microsoft.NET
[10/10/2006|11:46] C:\Program Files\Movie Maker
[16/11/2006|20:29] C:\Program Files\Mozilla Firefox
[19/06/2007|12:00] C:\Program Files\MSBuild
[10/10/2006|11:45] C:\Program Files\MSN
[10/10/2006|11:45] C:\Program Files\MSN Gaming Zone
[21/10/2006|20:13] C:\Program Files\MSN Messenger
[19/11/2006|15:57] C:\Program Files\MSXML 4.0
[19/06/2007|12:02] C:\Program Files\MSXML 6.0
[10/10/2006|11:46] C:\Program Files\NetMeeting
[07/03/2008|09:30] C:\Program Files\Ocean Optics
[11/10/2006|10:36] C:\Program Files\OfficeUpdate11
[10/10/2006|11:45] C:\Program Files\Online Services
[10/10/2006|11:46] C:\Program Files\Outlook Express
[10/10/2006|14:00] C:\Program Files\PowerArchiver
[10/10/2006|14:00] C:\Program Files\Qualcomm
[03/06/2009|12:13] C:\Program Files\QuickTime
[17/03/2007|03:15] C:\Program Files\Real
[10/10/2006|11:57] C:\Program Files\Realtek
[11/07/2008|16:43] C:\Program Files\RealVNC
[19/06/2007|11:56] C:\Program Files\Reference Assemblies
[10/10/2006|11:47] C:\Program Files\Services en ligne
[17/05/2009|17:16] C:\Program Files\SFR
[18/01/2008|18:24] C:\Program Files\SigmaPlot
[16/04/2009|06:36] C:\Program Files\Skype
[01/06/2007|10:58] C:\Program Files\Sony
[01/06/2007|10:57] C:\Program Files\Sony Interface Unit IFU-WLM2 Driver
[08/06/2009|11:24] C:\Program Files\Spybot - Search & Destroy
[20/09/2008|13:08] C:\Program Files\Sun
[10/10/2006|12:07] C:\Program Files\Symantec
[16/01/2008|09:13] C:\Program Files\Symantec AntiVirus
[10/10/2006|12:05] C:\Program Files\Synaptics
[10/03/2007|10:52] C:\Program Files\The link
[10/10/2006|12:17] C:\Program Files\Toshiba
[10/10/2006|12:12] C:\Program Files\Uninstall Information
[01/06/2007|10:56] C:\Program Files\USB Wireless LAN(IFU-WLM2)
[10/03/2007|10:20] C:\Program Files\Windows Live Toolbar
[19/06/2007|11:43] C:\Program Files\Windows Media Connect 2
[10/10/2006|11:45] C:\Program Files\Windows Media Player
[10/10/2006|11:45] C:\Program Files\Windows NT
[10/10/2006|11:47] C:\Program Files\WindowsUpdate
[10/10/2006|11:49] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[11/10/2006|11:19] C:\Program Files\Fichiers communs\Acronis
[10/10/2006|16:45] C:\Program Files\Fichiers communs\Adobe
[16/01/2008|09:00] C:\Program Files\Fichiers communs\Adobe Systems Shared
[15/12/2006|19:29] C:\Program Files\Fichiers communs\Ahead
[10/10/2006|11:59] C:\Program Files\Fichiers communs\AnwSoft
[03/06/2009|12:12] C:\Program Files\Fichiers communs\Apple
[19/06/2007|11:02] C:\Program Files\Fichiers communs\DESIGNER
[10/10/2006|11:57] C:\Program Files\Fichiers communs\InstallShield
[13/11/2007|02:19] C:\Program Files\Fichiers communs\Java
[10/10/2006|12:04] C:\Program Files\Fichiers communs\Logitech
[11/10/2006|11:19] C:\Program Files\Fichiers communs\Micro Application
[10/10/2006|11:38] C:\Program Files\Fichiers communs\Microsoft Shared
[10/10/2006|11:46] C:\Program Files\Fichiers communs\MSSoap
[10/10/2006|11:38] C:\Program Files\Fichiers communs\ODBC
[17/03/2007|03:15] C:\Program Files\Fichiers communs\Real
[14/10/2007|10:30] C:\Program Files\Fichiers communs\Risxtd
[10/10/2006|11:46] C:\Program Files\Fichiers communs\Services
[16/04/2009|06:36] C:\Program Files\Fichiers communs\Skype
[10/10/2006|11:38] C:\Program Files\Fichiers communs\SpeechEngines
[10/10/2006|12:07] C:\Program Files\Fichiers communs\Symantec Shared
[10/10/2006|11:46] C:\Program Files\Fichiers communs\System
[26/03/2007|17:42] C:\Program Files\Fichiers communs\Wise Installation Wizard
[25/04/2008|03:52] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 61 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\AMEL\APPLIC~1\The link
C:\Program Files\The link
C:\DOCUME~1\AMEL\APPLIC~1\thelin~1
C:\Program Files\thelin~1
C:\WINDOWS\Tasks\AE60F2D591936405.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 14:39:27
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:2][D:1]-> C:\DOCUME~1\Amel\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\Amel\Cookies
[F:2][D:0]-> C:\DOCUME~1\Amel\LOCALS~1\TEMPOR~1\content.IE5
[F:6][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 09/06/2009|14:40 - Option : [1]

--------------------\\ Fin du rapport a 14:40:12
jlpjlp
 
* This time choose Option 2 (Removal)
* Do not close the window during the removal!
* Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)

___________________

Download and install UsbFix by C_XX & Chiquitine29

Plug your external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

# Double-click the UsbFix shortcut on your desktop.

# Choose option 1 (Search)

# Let the tool work.

# Then post the UsbFix.txt report that appears.

# Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Nico
 
Thank you, here is the Lop S&D report after disinfection.

I will post USBFix shortly:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Default System BIOS
USER : Amel ( Administrator )
BOOT : Normal boot
Antivirus : Symantec AntiVirus Corporate Edition 10.1.0.394 (Activated)
C:\ (Local Disk) - FAT32 - Total:43 Go (Free:18 Go)
D:\ (Local Disk) - FAT32 - Total:29 Go (Free:9 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 09/06/2009|14:54 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\WINDOWS\Tasks\AE60F2D591936405.job
Supprime! - C:\DOCUME~1\AMEL\APPLIC~1\The link
Supprime! - C:\Program Files\The link

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[10/10/2006|11:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[10/10/2006|12:15] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intel
[10/10/2006|12:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
[10/10/2006|12:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Logitech
[10/10/2006|11:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/10/2006|12:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[03/06/2009|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[10/10/2006|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/12/2006|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[03/06/2009|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[03/06/2009|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[18/03/2007|07:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ConeXware
[17/12/2006|07:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
[10/10/2006|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[08/06/2009|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/10/2006|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Micro Application
[10/10/2006|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[19/06/2007|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
[10/10/2006|11:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[16/04/2009|06:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[08/06/2009|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[10/10/2006|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[30/04/2008|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[19/11/2006|12:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Time Global Real Type
[10/10/2006|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[10/03/2007|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

[10/10/2006|11:37] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[10/10/2006|11:37] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[07/05/2009|14:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[10/10/2006|11:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[10/10/2006|12:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intel
[07/05/2009|14:15] C:\DOCUME~1\ADMINI~1\APPLIC~1\Ipswitch
[10/10/2006|12:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Logitech
[07/05/2009|14:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[10/10/2006|11:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[07/05/2009|14:22] C:\DOCUME~1\ADMINI~1\APPLIC~1\Mozilla
[10/10/2006|12:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[10/10/2006|16:47] C:\DOCUME~1\AMEL\APPLIC~1\Adobe
[23/10/2006|06:47] C:\DOCUME~1\AMEL\APPLIC~1\AdobeUM
[17/12/2006|08:08] C:\DOCUME~1\AMEL\APPLIC~1\Ahead
[03/06/2009|12:16] C:\DOCUME~1\AMEL\APPLIC~1\Apple Computer
[14/10/2007|10:30] C:\DOCUME~1\AMEL\APPLIC~1\EndNote
[10/10/2006|11:48] C:\DOCUME~1\AMEL\APPLIC~1\Identities
[10/10/2006|12:15] C:\DOCUME~1\AMEL\APPLIC~1\Intel
[10/10/2006|12:00] C:\DOCUME~1\AMEL\APPLIC~1\InterTrust
[06/12/2007|15:03] C:\DOCUME~1\AMEL\APPLIC~1\Ipswitch
[10/10/2006|12:04] C:\DOCUME~1\AMEL\APPLIC~1\Logitech
[10/10/2006|14:14] C:\DOCUME~1\AMEL\APPLIC~1\Macromedia
[08/06/2009|12:56] C:\DOCUME~1\AMEL\APPLIC~1\Malwarebytes
[10/10/2006|11:37] C:\DOCUME~1\AMEL\APPLIC~1\Microsoft
[16/11/2006|20:29] C:\DOCUME~1\AMEL\APPLIC~1\Mozilla
[21/10/2006|20:01] C:\DOCUME~1\AMEL\APPLIC~1\MSNInstaller
[17/03/2007|03:13] C:\DOCUME~1\AMEL\APPLIC~1\Real
[10/03/2007|10:52] C:\DOCUME~1\AMEL\APPLIC~1\Screenshot Sender
[16/04/2009|06:37] C:\DOCUME~1\AMEL\APPLIC~1\Skype
[13/05/2009|18:11] C:\DOCUME~1\AMEL\APPLIC~1\skypePM
[13/11/2007|02:39] C:\DOCUME~1\AMEL\APPLIC~1\Sun
[10/10/2006|12:07] C:\DOCUME~1\AMEL\APPLIC~1\Symantec
[02/04/2009|08:52] C:\DOCUME~1\AMEL\APPLIC~1\U3

[23/11/2006|09:49] C:\DOCUME~1\MED_CLIM\APPLIC~1\Adobe
[04/12/2006|14:34] C:\DOCUME~1\MED_CLIM\APPLIC~1\AdobeUM
[10/10/2006|11:48] C:\DOCUME~1\MED_CLIM\APPLIC~1\Identities
[10/10/2006|12:15] C:\DOCUME~1\MED_CLIM\APPLIC~1\Intel
[10/10/2006|12:00] C:\DOCUME~1\MED_CLIM\APPLIC~1\InterTrust
[17/06/2008|12:53] C:\DOCUME~1\MED_CLIM\APPLIC~1\Ipswitch
[10/10/2006|12:04] C:\DOCUME~1\MED_CLIM\APPLIC~1\Logitech
[24/11/2006|19:01] C:\DOCUME~1\MED_CLIM\APPLIC~1\Macromedia
[10/10/2006|11:37] C:\DOCUME~1\MED_CLIM\APPLIC~1\Microsoft
[23/11/2006|09:56] C:\DOCUME~1\MED_CLIM\APPLIC~1\Mozilla
[04/06/2007|09:07] C:\DOCUME~1\MED_CLIM\APPLIC~1\Real
[10/10/2006|12:07] C:\DOCUME~1\MED_CLIM\APPLIC~1\Symantec

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[09/06/2009 14:49][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/06/2009 14:37][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[09/06/2009 13:29][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[10/10/2006|16:44] C:\Program Files\Adobe
[15/12/2006|19:29] C:\Program Files\Ahead
[10/10/2006|11:59] C:\Program Files\AnwSoft
[03/06/2009|12:13] C:\Program Files\Apple Software Update
[10/10/2006|11:59] C:\Program Files\ASUS
[20/10/2006|18:52] C:\Program Files\BeWAN ADSL V1.9.0.5
[03/06/2009|12:15] C:\Program Files\Bonjour
[21/03/2008|15:12] C:\Program Files\CambridgeSoft
[30/04/2008|14:57] C:\Program Files\CCleaner
[10/10/2006|11:45] C:\Program Files\ComPlus Applications
[10/10/2006|11:58] C:\Program Files\CONEXANT
[17/12/2006|07:54] C:\Program Files\DVD Shrink
[14/10/2007|10:29] C:\Program Files\EndNote 9
[10/10/2006|11:38] C:\Program Files\Fichiers communs
[10/10/2006|13:57] C:\Program Files\F-Secure
[26/03/2007|17:43] C:\Program Files\Golden Software
[24/10/2006|17:57] C:\Program Files\Hewlett-Packard
[10/10/2006|11:57] C:\Program Files\InstallShield Installation Information
[30/04/2008|15:03] C:\Program Files\InstantTimeZone
[10/10/2006|12:03] C:\Program Files\Intel
[10/10/2006|11:46] C:\Program Files\Internet Explorer
[23/11/2006|11:09] C:\Program Files\IPScan
[06/12/2007|15:03] C:\Program Files\Ipswitch
[13/11/2007|02:26] C:\Program Files\Java
[10/10/2006|12:04] C:\Program Files\Logitech
[10/10/2006|11:45] C:\Program Files\Messenger
[10/03/2007|10:52] C:\Program Files\Messenger Plus! Live
[10/03/2007|10:13] C:\Program Files\MessengerPlus! 3
[11/10/2006|11:19] C:\Program Files\Micro Application
[12/05/2007|11:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10/10/2006|11:49] C:\Program Files\microsoft frontpage
[11/10/2006|10:27] C:\Program Files\Microsoft Office
[11/10/2006|10:27] C:\Program Files\Microsoft Visual Studio
[19/06/2007|11:02] C:\Program Files\Microsoft Works
[19/06/2007|11:01] C:\Program Files\Microsoft.NET
[10/10/2006|11:46] C:\Program Files\Movie Maker
[16/11/2006|20:29] C:\Program Files\Mozilla Firefox
[19/06/2007|12:00] C:\Program Files\MSBuild
[10/10/2006|11:45] C:\Program Files\MSN
[10/10/2006|11:45] C:\Program Files\MSN Gaming Zone
[21/10/2006|20:13] C:\Program Files\MSN Messenger
[19/11/2006|15:57] C:\Program Files\MSXML 4.0
[19/06/2007|12:02] C:\Program Files\MSXML 6.0
[10/10/2006|11:46] C:\Program Files\NetMeeting
[07/03/2008|09:30] C:\Program Files\Ocean Optics
[11/10/2006|10:36] C:\Program Files\OfficeUpdate11
[10/10/2006|11:45] C:\Program Files\Online Services
[10/10/2006|11:46] C:\Program Files\Outlook Express
[10/10/2006|14:00] C:\Program Files\PowerArchiver
[10/10/2006|14:00] C:\Program Files\Qualcomm
[03/06/2009|12:13] C:\Program Files\QuickTime
[17/03/2007|03:15] C:\Program Files\Real
[10/10/2006|11:57] C:\Program Files\Realtek
[11/07/2008|16:43] C:\Program Files\RealVNC
[19/06/2007|11:56] C:\Program Files\Reference Assemblies
[10/10/2006|11:47] C:\Program Files\Services en ligne
[17/05/2009|17:16] C:\Program Files\SFR
[18/01/2008|18:24] C:\Program Files\SigmaPlot
[16/04/2009|06:36] C:\Program Files\Skype
[01/06/2007|10:58] C:\Program Files\Sony
[01/06/2007|10:57] C:\Program Files\Sony Interface Unit IFU-WLM2 Driver
[08/06/2009|11:24] C:\Program Files\Spybot - Search & Destroy
[20/09/2008|13:08] C:\Program Files\Sun
[10/10/2006|12:07] C:\Program Files\Symantec
[16/01/2008|09:13] C:\Program Files\Symantec AntiVirus
[10/10/2006|12:05] C:\Program Files\Synaptics
[10/10/2006|12:17] C:\Program Files\Toshiba
[10/10/2006|12:12] C:\Program Files\Uninstall Information
[01/06/2007|10:56] C:\Program Files\USB Wireless LAN(IFU-WLM2)
[10/03/2007|10:20] C:\Program Files\Windows Live Toolbar
[19/06/2007|11:43] C:\Program Files\Windows Media Connect 2
[10/10/2006|11:45] C:\Program Files\Windows Media Player
[10/10/2006|11:45] C:\Program Files\Windows NT
[10/10/2006|11:47] C:\Program Files\WindowsUpdate
[10/10/2006|11:49] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[11/10/2006|11:19] C:\Program Files\Fichiers communs\Acronis
[10/10/2006|16:45] C:\Program Files\Fichiers communs\Adobe
[16/01/2008|09:00] C:\Program Files\Fichiers communs\Adobe Systems Shared
[15/12/2006|19:29] C:\Program Files\Fichiers communs\Ahead
[10/10/2006|11:59] C:\Program Files\Fichiers communs\AnwSoft
[03/06/2009|12:12] C:\Program Files\Fichiers communs\Apple
[19/06/2007|11:02] C:\Program Files\Fichiers communs\DESIGNER
[10/10/2006|11:57] C:\Program Files\Fichiers communs\InstallShield
[13/11/2007|02:19] C:\Program Files\Fichiers communs\Java
[10/10/2006|12:04] C:\Program Files\Fichiers communs\Logitech
[11/10/2006|11:19] C:\Program Files\Fichiers communs\Micro Application
[10/10/2006|11:38] C:\Program Files\Fichiers communs\Microsoft Shared
[10/10/2006|11:46] C:\Program Files\Fichiers communs\MSSoap
[10/10/2006|11:38] C:\Program Files\Fichiers communs\ODBC
[17/03/2007|03:15] C:\Program Files\Fichiers communs\Real
[14/10/2007|10:30] C:\Program Files\Fichiers communs\Risxtd
[10/10/2006|11:46] C:\Program Files\Fichiers communs\Services
[16/04/2009|06:36] C:\Program Files\Fichiers communs\Skype
[10/10/2006|11:38] C:\Program Files\Fichiers communs\SpeechEngines
[10/10/2006|12:07] C:\Program Files\Fichiers communs\Symantec Shared
[10/10/2006|11:46] C:\Program Files\Fichiers communs\System
[26/03/2007|17:42] C:\Program Files\Fichiers communs\Wise Installation Wizard
[25/04/2008|03:52] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 60 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 14:55:15
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:2][D:1]-> C:\DOCUME~1\Amel\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\Amel\Cookies
[F:2][D:0]-> C:\DOCUME~1\Amel\LOCALS~1\TEMPOR~1\content.IE5
[F:10][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 09/06/2009|14:40 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 09/06/2009|14:55 - Option : [2]

--------------------\\ Fin du rapport a 14:55:56

Nico
 
As promised, here is the USBFix report:

############################## [ UsbFix V3.029 | Scan ]

# User : Amel (Administrateurs) # MELLOUKI
# Update on 05/06/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 14:59:11 | 09/06/2009

# Intel(R) Pentium(R) M processor 1.73GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Symantec AntiVirus Corporate Edition 10.1.0.394 [ Enabled | Updated ]

# C:\ # Disque fixe local # 43,64 Go (18,79 Go free) # FAT32
# D:\ # Disque fixe local # 29 Go (9,52 Go free) # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible # 124,45 Mo (91,41 Mo free) # FAT

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Wireless Console\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\InstantTimeZone\InstantTimeZone.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.univ-orleans.fr/fr"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Amel"
HKLM_logon: "AltDefaultUserName"="Amel"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: HControl=C:\WINDOWS\ATK0100\HControl.exe
HKLM_Run: IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
HKLM_Run: ASUS Live Update=C:\Program Files\ASUS\ASUS Live Update\ALU.exe
HKLM_Run: Wireless Console=C:\Program Files\ASUS\Wireless Console\wcourier.exe
HKLM_Run: Logitech Hardware Abstraction Layer=KHALMNPR.EXE
HKLM_Run: SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: SoundMan=SOUNDMAN.EXE
HKLM_Run: AlcWzrd=ALCWZRD.EXE
HKLM_Run: Alcmtr=ALCMTR.EXE
HKLM_Run: Power_Gear=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
HKLM_Run: IntelWireless=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
HKLM_Run: EOUApp=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
HKLM_Run: Acronis Scheduler2 Service="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: ccApp="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
HKLM_Run: vptray=C:\PROGRA~1\SYMANT~1\VPTray.exe
HKLM_Run: Acrobat Assistant 7.0="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
HKLM_Run: KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe

################## [ Fichiers # Dossiers infectieux ]

################## [ Registre # Clés Run infectieuses ]

################## [ Registre # Mountpoints2 ]

HKCU\...\Explorer\MountPoints2\{260a38f2-d68c-11db-aa75-0013d488f133}\Shell\verb1\Command
HKCU\...\Explorer\MountPoints2\{35315460-3c39-11dc-ab27-0013d488f133}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{35315460-3c39-11dc-ab27-0013d488f133}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{46ff2f2c-57c8-11dd-ad4c-0013d488f133}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{46ff2f2c-57c8-11dd-ad4c-0013d488f133}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{82d4f542-3d55-11dc-ab2b-0013d488f133}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{82d4f542-3d55-11dc-ab2b-0013d488f133}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{aab31f06-d77c-11db-aa7e-0013d488f133}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{b04af156-3c20-11dc-ab26-0013d488f133}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{b04af156-3c20-11dc-ab26-0013d488f133}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{b04af156-3c20-11dc-ab26-0013d488f133}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{cd097300-1ec6-11de-ae70-0012f0d9f812}\Shell\AutoRun\Command

################## [ ! Fin du rapport # UsbFix V3.029 ! ]
jlpjlp Posts 52399 Status Security contributor 5 040
 
OK, run option 2 and paste the report

then

update Adobe Reader, then remove the old versions via the Control Panel
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

or switch to an alternative reader such as Foxit Reader, which will avoid the viruses circulating via PDFs (do not install the Foxit, Ask, eBay... toolbars)

http://www.commentcamarche.net/telecharger/telechargement 205 foxit reader

_____________

Update Java:
https://javara.fr.malavida.com/

Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
Unzip the file to your desktop (right-click > Extract all.)
Double-click the resulting JavaRa folder.
Then double-click the JavaRa.exe file (the .exe may not be displayed)
Click Search For Updates.
Select Update Using jucheck.exe, then click Search.
Allow the process to connect if it asks you to, click Install and follow the installation instructions. This will take a few minutes.
When the installation is finished, go back to the JavaRa screen and click Remove Older Versions.
Click Yes to confirm. The tool will do its work; then click Ok, and Ok a second time.
A report will open; copy and paste it into your next reply.
Note: the report is also located at the root of the system partition, usually C:\, under the name JavaRa.log
(c:\JavaRa.log)
Close the application.

if that does not work

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

you can uninstall the old versions.

then

paste the report from an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Nico
 
Thank you very much.

Here is the USBFix report:

############################## [ UsbFix V3.029 | Cleaning ]

# User : Amel (Administrateurs) # MELLOUKI
# Update on 05/06/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 15:39:43 | 09/06/2009

# Intel(R) Pentium(R) M processor 1.73GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Symantec AntiVirus Corporate Edition 10.1.0.394 [ Enabled | Updated ]

# C:\ # Disque fixe local # 43,64 Go (18,78 Go free) # FAT32
# D:\ # Disque fixe local # 29 Go (9,52 Go free) # FAT32
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe

################## [ Fichiers # Dossiers infectieux ]

################## [ Registre # Clés Run infectieuses ]

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\...\Explorer\MountPoints2\{260a38f2-d68c-11db-aa75-0013d488f133}\Shell\verb1\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{35315460-3c39-11dc-ab27-0013d488f133}\Shell\Auto\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{46ff2f2c-57c8-11dd-ad4c-0013d488f133}\Shell\Auto\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{82d4f542-3d55-11dc-ab2b-0013d488f133}\Shell\Auto\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{aab31f06-d77c-11db-aa7e-0013d488f133}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{b04af156-3c20-11dc-ab26-0013d488f133}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{cd097300-1ec6-11de-ae70-0012f0d9f812}\Shell\AutoRun\Command

################## [ Listing des fichiers présent ]

[?|?|?] - C:\pagefile.sys
[22/10/2004 11:57|--a------|9] - C:\W5A.10
[05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
[17/09/2008 18:10|-rahs----|252240] - C:\ntldr
[05/08/2004 14:00|-rahs----|47564] - C:\NTDETECT.COM
[20/09/2004 11:13|--a------|14] - C:\XPPF_SP2.FRN
[09/12/2004 16:13|--a------|12] - C:\RECOVERY.DAT
[27/10/2006 17:07|-rahs----|212] - C:\boot.ini
[10/10/2006 11:48|--a------|0] - C:\CONFIG.SYS
[10/10/2006 11:48|--a------|0] - C:\AUTOEXEC.BAT
[10/10/2006 11:48|-rahs----|0] - C:\IO.SYS
[10/10/2006 11:48|-rahs----|0] - C:\MSDOS.SYS
[?|?|?] - C:\hiberfil.sys
[07/06/2009 01:23|--ah-----|244] - C:\sqmnoopt19.sqm
[07/06/2009 01:23|--ah-----|232] - C:\sqmdata19.sqm
[08/06/2009 14:27|--ah-----|172] - C:\sqmnoopt03.sqm
[08/06/2009 14:27|--ah-----|172] - C:\sqmdata04.sqm
[20/04/2009 13:44|--a------|2444] - C:\certif_Wahid.p12
[09/06/2009 14:55|--a------|12812] - C:\lopR.txt
[09/06/2009 15:40|--a------|4103] - C:\UsbFix.txt
[10/10/2006 12:20|--a------|9] - C:\Finish.log
[06/06/2009 05:09|--ah-----|172] - C:\sqmnoopt00.sqm
[06/06/2009 04:07|--ah-----|232] - C:\sqmdata00.sqm
[07/06/2009 01:26|--ah-----|172] - C:\sqmnoopt01.sqm
[06/06/2009 10:15|--ah-----|172] - C:\sqmdata01.sqm
[08/06/2009 10:42|--ah-----|244] - C:\sqmnoopt02.sqm
[07/06/2009 01:26|--ah-----|172] - C:\sqmdata02.sqm
[08/06/2009 10:42|--ah-----|232] - C:\sqmdata03.sqm
[08/06/2009 14:42|--ah-----|244] - C:\sqmnoopt04.sqm
[09/06/2009 11:38|--ah-----|172] - C:\sqmnoopt05.sqm
[08/06/2009 14:42|--ah-----|232] - C:\sqmdata05.sqm
[09/06/2009 13:35|--ah-----|244] - C:\sqmnoopt06.sqm
[09/06/2009 11:38|--ah-----|172] - C:\sqmdata06.sqm
[09/06/2009 14:00|--ah-----|172] - C:\sqmnoopt07.sqm
[09/06/2009 13:35|--ah-----|232] - C:\sqmdata07.sqm
[04/06/2009 12:46|--ah-----|172] - C:\sqmnoopt08.sqm
[09/06/2009 14:00|--ah-----|172] - C:\sqmdata08.sqm
[04/06/2009 16:28|--ah-----|244] - C:\sqmnoopt09.sqm
[04/06/2009 12:46|--ah-----|172] - C:\sqmdata09.sqm
[04/06/2009 17:44|--ah-----|172] - C:\sqmnoopt10.sqm
[04/06/2009 16:28|--ah-----|232] - C:\sqmdata10.sqm
[05/06/2009 03:07|--ah-----|244] - C:\sqmnoopt11.sqm
[04/06/2009 17:44|--ah-----|172] - C:\sqmdata11.sqm
[05/06/2009 03:11|--ah-----|172] - C:\sqmnoopt12.sqm
[05/06/2009 03:07|--ah-----|232] - C:\sqmdata12.sqm
[05/06/2009 10:47|--ah-----|244] - C:\sqmnoopt13.sqm
[05/06/2009 03:11|--ah-----|172] - C:\sqmdata13.sqm
[05/06/2009 11:54|--ah-----|244] - C:\sqmnoopt14.sqm
[05/06/2009 10:47|--ah-----|232] - C:\sqmdata14.sqm
[05/06/2009 14:00|--ah-----|172] - C:\sqmnoopt15.sqm
[05/06/2009 11:54|--ah-----|232] - C:\sqmdata15.sqm
[06/06/2009 04:07|--ah-----|244] - C:\sqmnoopt16.sqm
[05/06/2009 14:00|--ah-----|172] - C:\sqmdata16.sqm
[06/06/2009 08:39|--ah-----|244] - C:\sqmnoopt17.sqm
[06/06/2009 05:09|--ah-----|172] - C:\sqmdata17.sqm
[06/06/2009 10:15|--ah-----|172] - C:\sqmnoopt18.sqm
[06/06/2009 08:39|--ah-----|232] - C:\sqmdata18.sqm
[22/07/2006 15:35|--a------|303] - D:\Raccourci vers GK2006.lnk
[01/04/2005 08:46|--a------|36214976] - D:\CRC Press - Handbook of Chemistry and Physics - 84th Edition - 2004 - (Lide D.R. (ed.)) (2475s).pdf
[03/02/2006 15:28|--a------|1104734] - D:\dvdshrink_3.2.0.16_fr.zip
[29/09/2005 15:05|--a------|16626794] - D:\epi312.zip
[21/01/2006 10:02|--a------|433152] - D:\New_Year_Count_down_1.pps
[17/12/2005 09:40|--a------|214528] - D:\Noel.doc
[11/06/2006 19:33|--a------|0] - D:\PDVD_MediaDisc.PlayList
[04/04/2006 20:42|--a------|3392876] - D:\powarc951fr.exe
[17/12/2005 20:44|--a------|75264] - D:\Présentation.ppt
[24/09/2006 10:48|--a------|315] - D:\Raccourci vers Documents de GK2006.lnk

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.029 ! ]

I'm now tackling Adobe and Java.
Nico
 
Here is the one for JavaRa:
JavaRa 1.14 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jun 09 15:53:50 2009

Found and removed: C:\Program Files\Java\j2re1.4.2_06

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142060}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142060}

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410206

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410206

Found and removed: SOFTWARE\Classes\JavaPlugin.142_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_06

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\JavaPlugin.142_06

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

------------------------------------

Finished reporting.
Nico
 
Finally, here is the Kaspersky online report.
Thanks again, I will soon be able to mark the topic as resolved!

The report is online here:
www.era-orleans.org/rapportkaspersky.html
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
I can't reach the report...

do a copy/paste and put it in your next message
Nico
 
Here it is:

Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DA00001.VBN/www.Nokia_19_jpg-msn.com Infecté : Backdoor.Win32.SdBot.bzy ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DA00001.VBN ZIP: infecté - 1 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DA00001.VBN CryptZ: infecté - 1 ignoré
C:\Documents and Settings\Amel\DoctorWeb\Quarantine\autorun.inf Infecté : Worm.Win32.AutoRun.aaz ignoré
C:\Documents and Settings\Amel\DoctorWeb\Quarantine\Poll each.exe Infecté : Trojan.Win32.Obfuscated.en ignoré
C:\Documents and Settings\Amel\DoctorWeb\Quarantine\MEMO CASH.0XE Infecté : Trojan.Win32.Obfuscated.en ignoré
C:\Documents and Settings\Amel\DoctorWeb\Quarantine\hplngyot.exe Infecté : Trojan.Win32.Obfuscated.en ignoré
D:\Qualcomm\Eudora\In.mbx/[From ][Date 3 Feb 2006 10:29:58 MET]/[From Celine Mari ][Date 03 Feb 2006 18:15:06][Subj Re: Futur nom du PNCA]/text/[From Wahid MELLOUKI ][Date 03 Feb 2006 18:46:48][Subj Fwd: Eradb avancement]/[From "Nicolas Pouvesle" <pouvesle@cnrs-orleans.fr>][Date 03 Feb 2006 19:56:34][Subj Re: Chloropicrine et ozone]/text/[From vial Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
D:\Qualcomm\Eudora\In.mbx MailBerkeleymbox: suspect - 1 ignoré
Analyse terminée.
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
remove what is in quarantine in Norton and DoctorWeb
which will get rid of all of this

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DA00001.VBN/www.Nokia_19_jpg-msn.com Infecté : Backdoor.Win32.SdBot.bzy ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DA00001.VBN ZIP: infecté - 1 ignoré
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DA00001.VBN CryptZ: infecté - 1 ignoré
C:\Documents and Settings\Amel\DoctorWeb\Quarantine\autorun.inf Infecté : Worm.Win32.AutoRun.aaz ignoré
C:\Documents and Settings\Amel\DoctorWeb\Quarantine\Poll each.exe Infecté : Trojan.Win32.Obfuscated.en ignoré
C:\Documents and Settings\Amel\DoctorWeb\Quarantine
__________________

you have a suspicious e-mail in Eudora: clean it out

D:\Qualcomm\Eudora\In.mbx/[From ][Date 3 Feb 2006 10:29:58 MET]/[From Celine Mari ][Date 03 Feb 2006 18:15:06][Subj Re: Futur nom du PNCA]/text/[From Wahid MELLOUKI ][Date 03 Feb 2006 18:46:48][Subj Fwd: Eradb avancement]/[From "Nicolas Pouvesle" <pouvesle@cnrs-orleans.fr>][Date 03 Feb 2006 19:56:34][Subj Re: Chloropicrine et ozone]/text/[From vial Suspect : Trojan-Spy.HTML.Fraud.gen ignoré
D:\Qualcomm\Eudora\In.mbx MailBerkeleymbox: suspect - 1 ignoré
Analyse terminée.

____________________

to remove the tools that were used:

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click on Recherche (Search) and let the scan run ...
# Click on Suppression (Removal) to finish.
# You can, if you wish, use the Options facultatives (optional settings).
# Click on Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

______________________
any more problems???
Nico
 
Thank you very much.

Problems solved!
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok

all the best!