Problem, apparently TR/Scar.aakg

Resolved/Closed
mandonnaud Posts 78 Registration date Sunday 11 October 2009 Status Member Last activity 19 January 2022 - 11 Oct 2009 at 11:16
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 - 17 Oct 2009 at 10:55
Hello,

I tried to install a conversion program; during the installation my antivirus lit up like a Christmas tree (TR/scar.aakg detected). I stopped the installation and ran a scan with the antivirus and with Spybot, but I think the damage is done!

At every startup I get three errors:

Error loading c:\users\Samuel\ntuser.dll

Error loading c:\Window\systme32\calc.dll

plfseti.exe has stopped working

Here are two logs

Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-10-11 11:10:50
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 118 GB (52%) free of 225 GB
Total RAM: 3001 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:02, on 11/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\igfxpers .exe
C:\Windows\System32\hkcmd .exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\rthdvcpl .exe
C:\Program Files\Synaptics\SynTP\syntpenh .exe
C:\Users\Samuel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Samuel\Desktop\RSIT.exe
C:\Program Files\trend micro\Samuel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Program Files\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [calc] rundll32.exe C:\Windows\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [calc] rundll32.exe C:\Users\Samuel\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: scandisk.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

32 replies

Xplode Posts 8820 Registration date Friday 21 August 2009 Status Security contributor Last activity 2 July 2015 726
11 Oct 2009 at 11:22
Hi,
Indeed, the damage is done (what a pun), but every problem has its solution ;)

-+-+-+-> Lop S&D <-+-+-+-


[x] Download Lop S&D (by Eric_71 & Angeldark) from this address: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

[x] /!\ Disable the resident protections (antivirus, antispyware, integrity checkers, etc.) so that the tool can run correctly.

[x] Double-click "LopSD.exe" (Vista: right-click -> Run as administrator)

[x] Choose option F for French

[x] Then choose option 1 (Search)

[x] Let the tool work

[x] Copy/paste the contents of the report that opens and post it in your next message.
mandonnaud Posts 78 Registration date Sunday 11 October 2009 Status Member Last activity 19 January 2022 1
11 Oct 2009 at 11:30
Here you go :)


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Pentium(R) Dual-Core CPU T4200 @ 2.00GHz )
BIOS : InsydeH2O Version V1.05
USER : Samuel ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:219 Go (Free:115 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 11/10/2009|11:25 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[16/09/2009|11:23] C:\Users\Samuel\AppData\Local\Acer ePower Management V4
[24/09/2009|11:10] C:\Users\Samuel\AppData\Local\Adobe
[16/09/2009|13:37] C:\Users\Samuel\AppData\Local\Apple
[11/10/2009|11:00] C:\Users\Samuel\AppData\Local\Apple Computer
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Application Data
[10/10/2009|11:28] C:\Users\Samuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[10/10/2009|11:05] C:\Users\Samuel\AppData\Local\GDIPFONTCACHEV1.DAT
[17/09/2009|13:03] C:\Users\Samuel\AppData\Local\Google
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Historique
[09/10/2009|21:46] C:\Users\Samuel\AppData\Local\IconCache.db
[16/09/2009|12:27] C:\Users\Samuel\AppData\Local\Microsoft
[16/09/2009|11:35] C:\Users\Samuel\AppData\Local\Mozilla
[16/09/2009|11:32] C:\Users\Samuel\AppData\Local\Packard Bell
[08/10/2009|17:36] C:\Users\Samuel\AppData\Local\Real
[11/10/2009|11:22] C:\Users\Samuel\AppData\Local\Temp
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Temporary Internet Files
[16/09/2009|12:29] C:\Users\Samuel\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[08/10/2009 21:50][--a------] C:\Windows\tasks\At24.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At23.job
[09/10/2009 20:59][--a------] C:\Windows\tasks\At22.job
[09/10/2009 19:59][--a------] C:\Windows\tasks\At21.job
[09/10/2009 18:59][--a------] C:\Windows\tasks\At20.job
[09/10/2009 17:59][--a------] C:\Windows\tasks\At19.job
[09/10/2009 16:59][--a------] C:\Windows\tasks\At18.job
[10/10/2009 15:59][--a------] C:\Windows\tasks\At17.job
[10/10/2009 14:59][--a------] C:\Windows\tasks\At16.job
[10/10/2009 13:59][--a------] C:\Windows\tasks\At15.job
[10/10/2009 13:00][--a------] C:\Windows\tasks\At14.job
[10/10/2009 11:59][--a------] C:\Windows\tasks\At13.job
[11/10/2009 11:00][--a------] C:\Windows\tasks\At12.job
[09/10/2009 09:59][--a------] C:\Windows\tasks\At11.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At10.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At9.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At8.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At7.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At6.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At5.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At4.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At3.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At2.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At1.job
[11/10/2009 11:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000UA.job
[10/10/2009 13:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000Core.job
[11/10/2009 11:02][--ah-----] C:\Windows\tasks\SA.DAT
[09/10/2009 21:46][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16/09/2009|14:06] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[09/10/2009|09:14] C:\ProgramData\Adobe
[16/09/2009|13:27] C:\ProgramData\ALM
[18/09/2009|12:11] C:\ProgramData\Apple
[16/09/2009|14:06] C:\ProgramData\Apple Computer
[02/11/2006|14:59] C:\ProgramData\Application Data
[16/09/2009|15:22] C:\ProgramData\Avira
[16/09/2009|11:17] C:\ProgramData\Bureau
[02/11/2006|14:59] C:\ProgramData\Desktop
[02/11/2006|14:59] C:\ProgramData\Documents
[17/09/2009|14:16] C:\ProgramData\ezsidmv.dat
[16/09/2009|11:17] C:\ProgramData\Favoris
[02/11/2006|14:59] C:\ProgramData\Favorites
[16/09/2009|15:08] C:\ProgramData\FLEXnet
[16/09/2009|11:25] C:\ProgramData\Google
[16/09/2009|11:17] C:\ProgramData\Menu Démarrer
[17/09/2009|11:04] C:\ProgramData\Microsoft
[16/09/2009|12:24] C:\ProgramData\Microsoft Help
[16/09/2009|11:17] C:\ProgramData\Modèles
[16/09/2009|11:42] C:\ProgramData\Nero
[16/09/2009|12:13] C:\ProgramData\Norton
[17/03/2009|21:09] C:\ProgramData\NortonInstaller
[08/10/2009|16:59] C:\ProgramData\Real
[17/09/2009|14:11] C:\ProgramData\Skype
[08/10/2009|18:51] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:59] C:\ProgramData\Start Menu
[08/10/2009|17:49] C:\ProgramData\Temp
[02/11/2006|14:59] C:\ProgramData\Templates

--------------------\\ Listing des dossiers dans C:\Program Files

[08/10/2009|17:40] C:\Program Files\Adobe
[11/07/2009|05:31] C:\Program Files\AGEIA Technologies
[16/09/2009|13:37] C:\Program Files\Apple Software Update
[21/09/2009|21:21] C:\Program Files\Audacity 1.3 Beta (Unicode)
[16/09/2009|15:22] C:\Program Files\Avira
[21/09/2009|16:25] C:\Program Files\AviSynth 2.5
[01/10/2009|11:16] C:\Program Files\Blender Foundation
[16/09/2009|13:38] C:\Program Files\Bonjour
[08/10/2009|16:59] C:\Program Files\Common Files
[17/03/2009|20:36] C:\Program Files\CONEXANT
[05/10/2009|17:25] C:\Program Files\Core Services
[21/09/2009|11:02] C:\Program Files\CoupeFichier
[11/07/2009|05:30] C:\Program Files\CyberLink
[20/09/2009|14:56] C:\Program Files\epson
[21/09/2009|16:25] C:\Program Files\eRightSoft
[16/09/2009|11:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[16/09/2009|12:35] C:\Program Files\FileZilla FTP Client
[17/09/2009|17:58] C:\Program Files\FlashGet
[08/10/2009|17:51] C:\Program Files\Free RM to MP3 Converter
[16/09/2009|11:25] C:\Program Files\Google
[09/10/2009|12:24] C:\Program Files\Grisbi
[16/09/2009|12:31] C:\Program Files\InstallShield Installation Information
[17/03/2009|20:29] C:\Program Files\Intel
[16/09/2009|13:38] C:\Program Files\Internet Explorer
[03/10/2009|13:12] C:\Program Files\iPod
[03/10/2009|13:14] C:\Program Files\iTunes
[17/09/2009|17:14] C:\Program Files\Java
[17/09/2009|17:16] C:\Program Files\JRE
[08/10/2009|17:40] C:\Program Files\Launch Manager
[17/03/2009|21:01] C:\Program Files\Microsoft
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[16/09/2009|12:24] C:\Program Files\Microsoft Office
[16/09/2009|12:24] C:\Program Files\Microsoft Works
[21/01/2008|04:47] C:\Program Files\Movie Maker
[24/09/2009|20:07] C:\Program Files\Mozilla Firefox
[02/11/2006|14:35] C:\Program Files\MSBuild
[17/03/2009|20:04] C:\Program Files\MSXML 4.0
[17/03/2009|20:55] C:\Program Files\NewTech Infosystems
[17/09/2009|17:16] C:\Program Files\OpenOffice.org 3
[16/09/2009|12:31] C:\Program Files\PACKARD BELL
[16/09/2009|13:38] C:\Program Files\QuickTime
[08/10/2009|16:59] C:\Program Files\Real
[08/10/2009|17:36] C:\Program Files\Real Alternative
[11/07/2009|05:09] C:\Program Files\Realtek
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[08/10/2009|17:35] C:\Program Files\RM to MP3 Converter
[24/09/2009|17:09] C:\Program Files\Safari
[17/09/2009|14:11] C:\Program Files\Skype
[08/10/2009|18:34] C:\Program Files\Spybot - Search & Destroy
[11/07/2009|05:26] C:\Program Files\Synaptics
[11/07/2009|05:10] C:\Program Files\Temp
[11/10/2009|11:11] C:\Program Files\trend micro
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[16/09/2009|18:55] C:\Program Files\VideoLAN
[11/07/2009|05:24] C:\Program Files\VideoWebCamera
[21/01/2008|04:47] C:\Program Files\Windows Calendar
[21/01/2008|04:47] C:\Program Files\Windows Collaboration
[21/01/2008|04:47] C:\Program Files\Windows Defender
[16/09/2009|11:28] C:\Program Files\Windows Live
[17/03/2009|21:00] C:\Program Files\Windows Live SkyDrive
[17/03/2009|19:16] C:\Program Files\Windows Mail
[16/09/2009|12:07] C:\Program Files\Windows Media Player
[16/09/2009|11:17] C:\Program Files\Windows NT
[21/01/2008|04:47] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:47] C:\Program Files\Windows Sidebar
[16/09/2009|18:54] C:\Program Files\WinRAR
[21/09/2009|16:24] C:\Program Files\Xvid

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[16/09/2009|14:51] C:\Program Files\Common Files\Adobe
[16/09/2009|12:55] C:\Program Files\Common Files\Adobe AIR
[03/10/2009|13:12] C:\Program Files\Common Files\Apple
[11/07/2009|05:30] C:\Program Files\Common Files\CyberLink
[11/07/2009|05:09] C:\Program Files\Common Files\InstallShield
[17/03/2009|20:52] C:\Program Files\Common Files\Macrovision Shared
[16/09/2009|12:24] C:\Program Files\Common Files\microsoft shared
[16/09/2009|11:42] C:\Program Files\Common Files\Nero
[08/10/2009|16:59] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[17/09/2009|14:11] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[21/01/2008|04:47] C:\Program Files\Common Files\System
[17/03/2009|20:59] C:\Program Files\Common Files\Windows Live
[11/07/2009|05:31] C:\Program Files\Common Files\Wise Installation Wizard
[08/10/2009|16:59] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 59 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\Samuel\AppData\Local\Temp\nsrbgxod.bak

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 11:26:14
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job



[F:25337][D:1680]-> C:\Users\Samuel\AppData\Local\Temp
[F:51][D:1]-> C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\Cookies
[F:601][D:4]-> C:\Users\Samuel\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:19][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 11/10/2009|11:30 - Option : [1]

--------------------\\ Fin du rapport a 11:30:03
[ UAC => 1 ]
Xplode Posts 8820 Registration date Friday 21 August 2009 Status Security contributor Last activity 2 July 2015 726
11 Oct 2009 at 11:32
-+-+-+-> Lop S&D ( Removal ) <-+-+-+-


[x] Run Lop S&D again, but this time choose option no. 2

[x] Let the scan run, then copy/paste the report that opens into your next message.



-+-+-+-> Malwarebyte's Anti-Malware <-+-+-+-


[x] Download Malwarebyte's anti-malware (MBAM) from this address: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

[x] Install it.

[x] Update it.

[x] Make sure to tick all the items found and delete them!

[x] A tutorial on how to use it is available here: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

[x] Follow the instructions given at the previous link, then copy/paste the generated report into your next message
mandonnaud Posts 78 Registration date Sunday 11 October 2009 Status Member Last activity 19 January 2022 1
11 Oct 2009 at 15:41
It's making progress: the computer now starts up without any error window!


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Pentium(R) Dual-Core CPU T4200 @ 2.00GHz )
BIOS : InsydeH2O Version V1.05
USER : Samuel ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:219 Go (Free:115 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 11/10/2009|11:33 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\Samuel\AppData\Local\Temp\nsrbgxod.bak
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[16/09/2009|11:23] C:\Users\Samuel\AppData\Local\Acer ePower Management V4
[24/09/2009|11:10] C:\Users\Samuel\AppData\Local\Adobe
[16/09/2009|13:37] C:\Users\Samuel\AppData\Local\Apple
[11/10/2009|11:00] C:\Users\Samuel\AppData\Local\Apple Computer
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Application Data
[10/10/2009|11:28] C:\Users\Samuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[10/10/2009|11:05] C:\Users\Samuel\AppData\Local\GDIPFONTCACHEV1.DAT
[17/09/2009|13:03] C:\Users\Samuel\AppData\Local\Google
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Historique
[09/10/2009|21:46] C:\Users\Samuel\AppData\Local\IconCache.db
[16/09/2009|12:27] C:\Users\Samuel\AppData\Local\Microsoft
[16/09/2009|11:35] C:\Users\Samuel\AppData\Local\Mozilla
[16/09/2009|11:32] C:\Users\Samuel\AppData\Local\Packard Bell
[08/10/2009|17:36] C:\Users\Samuel\AppData\Local\Real
[11/10/2009|11:33] C:\Users\Samuel\AppData\Local\Temp
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Temporary Internet Files
[16/09/2009|12:29] C:\Users\Samuel\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[08/10/2009 21:50][--a------] C:\Windows\tasks\At24.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At23.job
[09/10/2009 20:59][--a------] C:\Windows\tasks\At22.job
[09/10/2009 19:59][--a------] C:\Windows\tasks\At21.job
[09/10/2009 18:59][--a------] C:\Windows\tasks\At20.job
[09/10/2009 17:59][--a------] C:\Windows\tasks\At19.job
[09/10/2009 16:59][--a------] C:\Windows\tasks\At18.job
[10/10/2009 15:59][--a------] C:\Windows\tasks\At17.job
[10/10/2009 14:59][--a------] C:\Windows\tasks\At16.job
[10/10/2009 13:59][--a------] C:\Windows\tasks\At15.job
[10/10/2009 13:00][--a------] C:\Windows\tasks\At14.job
[10/10/2009 11:59][--a------] C:\Windows\tasks\At13.job
[11/10/2009 11:00][--a------] C:\Windows\tasks\At12.job
[09/10/2009 09:59][--a------] C:\Windows\tasks\At11.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At10.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At9.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At8.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At7.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At6.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At5.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At4.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At3.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At2.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At1.job
[11/10/2009 11:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000UA.job
[10/10/2009 13:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000Core.job
[11/10/2009 11:02][--ah-----] C:\Windows\tasks\SA.DAT
[09/10/2009 21:46][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16/09/2009|14:06] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[09/10/2009|09:14] C:\ProgramData\Adobe
[16/09/2009|13:27] C:\ProgramData\ALM
[18/09/2009|12:11] C:\ProgramData\Apple
[16/09/2009|14:06] C:\ProgramData\Apple Computer
[02/11/2006|14:59] C:\ProgramData\Application Data
[16/09/2009|15:22] C:\ProgramData\Avira
[16/09/2009|11:17] C:\ProgramData\Bureau
[02/11/2006|14:59] C:\ProgramData\Desktop
[02/11/2006|14:59] C:\ProgramData\Documents
[17/09/2009|14:16] C:\ProgramData\ezsidmv.dat
[16/09/2009|11:17] C:\ProgramData\Favoris
[02/11/2006|14:59] C:\ProgramData\Favorites
[16/09/2009|15:08] C:\ProgramData\FLEXnet
[16/09/2009|11:25] C:\ProgramData\Google
[16/09/2009|11:17] C:\ProgramData\Menu Démarrer
[17/09/2009|11:04] C:\ProgramData\Microsoft
[16/09/2009|12:24] C:\ProgramData\Microsoft Help
[16/09/2009|11:17] C:\ProgramData\Modèles
[16/09/2009|11:42] C:\ProgramData\Nero
[16/09/2009|12:13] C:\ProgramData\Norton
[17/03/2009|21:09] C:\ProgramData\NortonInstaller
[08/10/2009|16:59] C:\ProgramData\Real
[17/09/2009|14:11] C:\ProgramData\Skype
[08/10/2009|18:51] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:59] C:\ProgramData\Start Menu
[08/10/2009|17:49] C:\ProgramData\Temp
[02/11/2006|14:59] C:\ProgramData\Templates

--------------------\\ Listing des dossiers dans C:\Program Files

[08/10/2009|17:40] C:\Program Files\Adobe
[11/07/2009|05:31] C:\Program Files\AGEIA Technologies
[16/09/2009|13:37] C:\Program Files\Apple Software Update
[21/09/2009|21:21] C:\Program Files\Audacity 1.3 Beta (Unicode)
[16/09/2009|15:22] C:\Program Files\Avira
[21/09/2009|16:25] C:\Program Files\AviSynth 2.5
[01/10/2009|11:16] C:\Program Files\Blender Foundation
[16/09/2009|13:38] C:\Program Files\Bonjour
[08/10/2009|16:59] C:\Program Files\Common Files
[17/03/2009|20:36] C:\Program Files\CONEXANT
[05/10/2009|17:25] C:\Program Files\Core Services
[21/09/2009|11:02] C:\Program Files\CoupeFichier
[11/07/2009|05:30] C:\Program Files\CyberLink
[20/09/2009|14:56] C:\Program Files\epson
[21/09/2009|16:25] C:\Program Files\eRightSoft
[16/09/2009|11:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[16/09/2009|12:35] C:\Program Files\FileZilla FTP Client
[17/09/2009|17:58] C:\Program Files\FlashGet
[08/10/2009|17:51] C:\Program Files\Free RM to MP3 Converter
[16/09/2009|11:25] C:\Program Files\Google
[09/10/2009|12:24] C:\Program Files\Grisbi
[16/09/2009|12:31] C:\Program Files\InstallShield Installation Information
[17/03/2009|20:29] C:\Program Files\Intel
[16/09/2009|13:38] C:\Program Files\Internet Explorer
[03/10/2009|13:12] C:\Program Files\iPod
[03/10/2009|13:14] C:\Program Files\iTunes
[17/09/2009|17:14] C:\Program Files\Java
[17/09/2009|17:16] C:\Program Files\JRE
[08/10/2009|17:40] C:\Program Files\Launch Manager
[17/03/2009|21:01] C:\Program Files\Microsoft
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[16/09/2009|12:24] C:\Program Files\Microsoft Office
[16/09/2009|12:24] C:\Program Files\Microsoft Works
[21/01/2008|04:47] C:\Program Files\Movie Maker
[24/09/2009|20:07] C:\Program Files\Mozilla Firefox
[02/11/2006|14:35] C:\Program Files\MSBuild
[17/03/2009|20:04] C:\Program Files\MSXML 4.0
[17/03/2009|20:55] C:\Program Files\NewTech Infosystems
[17/09/2009|17:16] C:\Program Files\OpenOffice.org 3
[16/09/2009|12:31] C:\Program Files\PACKARD BELL
[16/09/2009|13:38] C:\Program Files\QuickTime
[08/10/2009|16:59] C:\Program Files\Real
[08/10/2009|17:36] C:\Program Files\Real Alternative
[11/07/2009|05:09] C:\Program Files\Realtek
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[08/10/2009|17:35] C:\Program Files\RM to MP3 Converter
[24/09/2009|17:09] C:\Program Files\Safari
[17/09/2009|14:11] C:\Program Files\Skype
[08/10/2009|18:34] C:\Program Files\Spybot - Search & Destroy
[11/07/2009|05:26] C:\Program Files\Synaptics
[11/07/2009|05:10] C:\Program Files\Temp
[11/10/2009|11:11] C:\Program Files\trend micro
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[16/09/2009|18:55] C:\Program Files\VideoLAN
[11/07/2009|05:24] C:\Program Files\VideoWebCamera
[21/01/2008|04:47] C:\Program Files\Windows Calendar
[21/01/2008|04:47] C:\Program Files\Windows Collaboration
[21/01/2008|04:47] C:\Program Files\Windows Defender
[16/09/2009|11:28] C:\Program Files\Windows Live
[17/03/2009|21:00] C:\Program Files\Windows Live SkyDrive
[17/03/2009|19:16] C:\Program Files\Windows Mail
[16/09/2009|12:07] C:\Program Files\Windows Media Player
[16/09/2009|11:17] C:\Program Files\Windows NT
[21/01/2008|04:47] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:47] C:\Program Files\Windows Sidebar
[16/09/2009|18:54] C:\Program Files\WinRAR
[21/09/2009|16:24] C:\Program Files\Xvid

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[16/09/2009|14:51] C:\Program Files\Common Files\Adobe
[16/09/2009|12:55] C:\Program Files\Common Files\Adobe AIR
[03/10/2009|13:12] C:\Program Files\Common Files\Apple
[11/07/2009|05:30] C:\Program Files\Common Files\CyberLink
[11/07/2009|05:09] C:\Program Files\Common Files\InstallShield
[17/03/2009|20:52] C:\Program Files\Common Files\Macrovision Shared
[16/09/2009|12:24] C:\Program Files\Common Files\microsoft shared
[16/09/2009|11:42] C:\Program Files\Common Files\Nero
[08/10/2009|16:59] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[17/09/2009|14:11] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[21/01/2008|04:47] C:\Program Files\Common Files\System
[17/03/2009|20:59] C:\Program Files\Common Files\Windows Live
[11/07/2009|05:31] C:\Program Files\Common Files\Wise Installation Wizard
[08/10/2009|16:59] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 59 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 11:34:33
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job



[F:25336][D:1684]-> C:\Users\Samuel\AppData\Local\Temp
[F:51][D:1]-> C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\Cookies
[F:601][D:4]-> C:\Users\Samuel\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:19][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 11/10/2009|11:30 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/10/2009|11:37 - Option : [2]

--------------------\\ Fin du rapport a 11:37:59
[ UAC => 1 ]




Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2941
Windows 6.0.6001 Service Pack 1

11/10/2009 15:35:52
mbam-log-2009-10-11 (15-35-52).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 537293
Temps écoulé: 1 hour(s), 58 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 15

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\persistence (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acer epower management (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hotkeyscmds (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdvcpl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\plfseti (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syntpenh (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hkcmd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Realtek\Audio\HDA\rthdvcpl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\plfseti.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Synaptics\SynTP\syntpenh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Launch Manager\lmanager.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\xcnh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Samuel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YQH6VJL\herff[1].htm (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Samuel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YQH6VJL\daarfwjk[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Samuel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDVFXLSC\daarfwjk[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Samuel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I28CYVE5\vfsgth[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\igfxtray.exe89 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
0

Xplode Posts 8820 Registration date Friday 21 August 2009 Status Security contributor Last post 2 July 2015 726
11 Oct 2009 at 15:42
OK, run a new RSIT log
0
mandonnaud Posts 78 Registration date Sunday 11 October 2009 Status Member Last post 19 January 2022 1
11 Oct 2009 at 18:06
Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-10-11 18:04:52
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 120 GB (53%) free of 225 GB
Total RAM: 3001 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:20, on 11/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Samuel\Desktop\RSIT.exe
C:\Program Files\trend micro\Samuel.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
0
Xplode Posts 8820 Registration date Friday 21 August 2009 Status Security contributor Last post 2 July 2015 726
11 Oct 2009 at 20:44
-+-+-+-> USBfix <-+-+-+-


[x] Download USBfix from this address: https://www.androidworld.fr/

[x] A tutorial is available here: https://www.malekal.com/usbfix-supprimer-virus-usb/

[x] Install it

[x] Plug in all your removable media (USB sticks, external hard drives)

[x] Launch USBfix by clicking the icon on your desktop (right-click -> Run as administrator on Vista)

[x] Choose option F (for French) and confirm by pressing Enter.

[x] At the main menu, choose option 1

[x] Let the tool work, then post the report in your next message
0
mandonnaud Posts 78 Registration date Sunday 11 October 2009 Status Member Last post 19 January 2022 1
11 Oct 2009 at 23:09
I had to step away, but I'm carrying on, no problem ^^

############################## | UsbFix V6.040 |

User : Samuel (Administrateurs) # PORTABLE-SAM
Update on 10/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 23:02:21 | 11/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18813
Windows Firewall Status : Disabled

C:\ -> Disque fixe local # 219,88 Go (119,26 Go free) [OS] # NTFS
D:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

C:\tmp

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{bb19b294-a6cc-11de-8f37-00235af076b1}
shell\AutoRun\command =2a.exe
shell\open\Command =2a.exe

HKCU\..\..\Explorer\MountPoints2\{f1dedfd6-a743-11de-af62-00235af076b1}
shell\AutoRun\command =E:\WDSetup.exe

################## | ! Fin du rapport # UsbFix V6.040 ! |
0
Xplode Posts 8820 Registration date Friday 21 August 2009 Status Security contributor Last post 2 July 2015 726
11 Oct 2009 at 23:10
-+-+-+-> USBfix - Cleaning <-+-+-+-


[x] Run USBfix again, but this time choose option 2

/!\ Don't forget to leave your removable media plugged into your PC /!\

[x] Wait while the tool works.

[x] Your PC will restart, then USBfix will scan your removable media.

[x] Post the report located at C:\USBfix.txt
0
mandonnaud Posts 78 Registration date Sunday 11 October 2009 Status Member Last post 19 January 2022 1
11 Oct 2009 at 23:29
Here you go:

############################## | UsbFix V6.040 |

User : Samuel (Administrateurs) # PORTABLE-SAM
Update on 10/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 23:14:22 | 11/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18813
Windows Firewall Status : Disabled

C:\ -> Disque fixe local # 219,88 Go (118,96 Go free) [OS] # NTFS
D:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\tmp

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{bb19b294-a6cc-11de-8f37-00235af076b1}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f1dedfd6-a743-11de-af62-00235af076b1}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[18/09/2006 23:43|--a------|24] C:\autoexec.bat
[21/01/2008 04:34|-rahs----|333203] C:\bootmgr
[18/03/2009 03:49|-ra-s----|8192] C:\BOOTSECT.BAK
[18/09/2006 23:43|--a------|10] C:\config.sys
[?|?|?] C:\hiberfil.sys
[11/10/2009 11:38|--a------|12131] C:\lopR.txt
[?|?|?] C:\pagefile.sys
[11/07/2009 05:10|--a------|2693] C:\RHDSetup.log
[11/10/2009 23:27|--a------|2816] C:\UsbFix.txt
[08/10/2009 17:41|--a------|9216] C:\whpcy.exe

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
0
Xplode Posts 8820 Registration date Friday 21 August 2009 Status Security contributor Last post 2 July 2015 726
11 Oct 2009 at 23:32
Good, now run a new RSIT log
0
mandonnaud Posts 78 Registration date Sunday 11 October 2009 Status Member Last post 19 January 2022 1
11 Oct 2009 at 23:34
Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-10-11 23:33:25
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 124 GB (55%) free of 225 GB
Total RAM: 3001 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:38, on 11/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\Users\Samuel\Desktop\RSIT.exe
C:\Program Files\trend micro\Samuel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
0
Xplode Posts 8820 Registration date Friday 21 August 2009 Status Security contributor Last post 2 July 2015 726
11 Oct 2009 at 23:41
-+-+-+-> OTMoveIt <-+-+-+-


[x] Download OTMoveIt (by Old_Timer) from this address: https://www.luanagames.com/index.fr.html to your Desktop.

[x] Double-click OTMoveIt.exe.

[x] Make sure the Unregister Dll's and Ocx's box is checked.

[x] Copy the text in bold below and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved



:processes
explorer.exe

:files
C:\Windows\tasks\At*.job
C:\whpcy.exe


:commands
[emptytemp]
[purity]
[start explorer]



[x] Click MoveIt! to start the removal.

[x] If OTMoveIt offers to restart your PC, accept.

[x] When a result appears in the Results pane, click Exit.

[x] In your next reply, send the OTMoveIt report located under C:\_OTMoveIt\MovedFiles
0
mandonnaud Posts 78 Registration date Sunday 11 October 2009 Status Member Last post 19 January 2022 1
12 Oct 2009 at 09:04
Here it is:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File move failed. C:\Windows\tasks\At1.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At10.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At11.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At12.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At13.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At14.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At15.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At16.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At17.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At18.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At19.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At2.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At20.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At21.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At22.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At23.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At24.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At3.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At4.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At5.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At6.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At7.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At8.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At9.job scheduled to be moved on reboot.
File move failed. C:\whpcy.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\Samuel\AppData\Local\Temp\etilqs_ePSerwuOP5VFvmfxbLMx scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Temp\~DF4F81.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\pzkyj4nn.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\pzkyj4nn.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\pzkyj4nn.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\pzkyj4nn.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\pzkyj4nn.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 10122009_085725
mandonnaud (Posts: 78, Registered: Sunday 11 October 2009, Status: Member, Last activity: 19 January 2022)
12 Oct 2009 at 11:04
Additional information: I got another Windows blue screen.
Also, an AntiVir alert: TR/Dldr.Small.kgn

... gulp :( ...
Xplode (Posts: 8820, Registered: Friday 21 August 2009, Status: Security contributor, Last activity: 2 July 2015)
12 Oct 2009 at 18:21
Please post a new RSIT log.
mandonnaud (Posts: 78, Registered: Sunday 11 October 2009, Status: Member, Last activity: 19 January 2022)
12 Oct 2009 at 18:44
OK, here it is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-10-12 18:42:21
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 117 GB (52%) free of 225 GB
Total RAM: 3001 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:48, on 12/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\EasyPHP5.3.0\EasyPHP-5.3.0.exe
C:\PROGRA~1\EASYPH~1.0\Apache\bin\apache.exe
C:\PROGRA~1\EASYPH~1.0\MySql\bin\mysqld.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\PROGRA~1\EASYPH~1.0\Apache\bin\apache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Samuel\Desktop\RSIT.exe
C:\Program Files\trend micro\Samuel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
Xplode (Posts: 8820, Registered: Friday 21 August 2009, Status: Security contributor, Last activity: 2 July 2015)
12 Oct 2009 at 18:46
-+-+-+-> Lop S&D <-+-+-+-


[x] Download Lop S&D (by Eric_71 & Angeldark) from this address: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

[x] /!\ Disable the resident protections (antivirus, antispyware, integrity checkers, etc.) so that the tool can run correctly.

[x] Double-click "LopSD.exe" (Vista: right-click -> Run as administrator)

[x] Choose option F for French

[x] Then choose option 1 (Search)

[x] Let the tool work

[x] Copy/paste the contents of the report that opens and post it in your next message.


-+-+-+-> Malwarebytes' Anti-Malware <-+-+-+-


[x] Download Malwarebytes' Anti-Malware (MBAM) from this address: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

[x] Install it.

[x] Update it.

[x] Run a full scan!

[x] Make sure all the items found are ticked and delete them!

[x] A tutorial on how to use it is available here: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

[x] Follow the instructions given at the previous link, then copy/paste the generated report into your next message
mandonnaud (Posts: 78, Registered: Sunday 11 October 2009, Status: Member, Last activity: 19 January 2022)
12 Oct 2009 at 21:37
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Pentium(R) Dual-Core CPU T4200 @ 2.00GHz )
BIOS : InsydeH2O Version V1.05
USER : Samuel ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:219 Go (Free:114 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 12/10/2009|19:43 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[16/09/2009|11:23] C:\Users\Samuel\AppData\Local\Acer ePower Management V4
[24/09/2009|11:10] C:\Users\Samuel\AppData\Local\Adobe
[16/09/2009|13:37] C:\Users\Samuel\AppData\Local\Apple
[11/10/2009|11:00] C:\Users\Samuel\AppData\Local\Apple Computer
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Application Data
[12/10/2009|19:37] C:\Users\Samuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[10/10/2009|11:05] C:\Users\Samuel\AppData\Local\GDIPFONTCACHEV1.DAT
[17/09/2009|13:03] C:\Users\Samuel\AppData\Local\Google
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Historique
[12/10/2009|11:31] C:\Users\Samuel\AppData\Local\IconCache.db
[16/09/2009|12:27] C:\Users\Samuel\AppData\Local\Microsoft
[16/09/2009|11:35] C:\Users\Samuel\AppData\Local\Mozilla
[16/09/2009|11:32] C:\Users\Samuel\AppData\Local\Packard Bell
[08/10/2009|17:36] C:\Users\Samuel\AppData\Local\Real
[12/10/2009|19:43] C:\Users\Samuel\AppData\Local\Temp
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Temporary Internet Files
[16/09/2009|12:29] C:\Users\Samuel\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[08/10/2009 21:50][--a------] C:\Windows\tasks\At24.job
[11/10/2009 21:59][--a------] C:\Windows\tasks\At23.job
[11/10/2009 20:59][--a------] C:\Windows\tasks\At22.job
[11/10/2009 19:59][--a------] C:\Windows\tasks\At21.job
[12/10/2009 18:59][--a------] C:\Windows\tasks\At20.job
[12/10/2009 17:59][--a------] C:\Windows\tasks\At19.job
[12/10/2009 16:59][--a------] C:\Windows\tasks\At18.job
[12/10/2009 15:59][--a------] C:\Windows\tasks\At17.job
[12/10/2009 14:59][--a------] C:\Windows\tasks\At16.job
[12/10/2009 13:59][--a------] C:\Windows\tasks\At15.job
[12/10/2009 12:59][--a------] C:\Windows\tasks\At14.job
[12/10/2009 12:00][--a------] C:\Windows\tasks\At13.job
[12/10/2009 11:00][--a------] C:\Windows\tasks\At12.job
[12/10/2009 09:59][--a------] C:\Windows\tasks\At11.job
[12/10/2009 09:00][--a------] C:\Windows\tasks\At10.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At9.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At8.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At7.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At6.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At5.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At4.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At3.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At2.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At1.job
[12/10/2009 19:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000UA.job
[12/10/2009 13:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000Core.job
[12/10/2009 11:37][--ah-----] C:\Windows\tasks\SA.DAT
[12/10/2009 10:57][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16/09/2009|14:06] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[09/10/2009|09:14] C:\ProgramData\Adobe
[16/09/2009|13:27] C:\ProgramData\ALM
[18/09/2009|12:11] C:\ProgramData\Apple
[16/09/2009|14:06] C:\ProgramData\Apple Computer
[02/11/2006|14:59] C:\ProgramData\Application Data
[16/09/2009|15:22] C:\ProgramData\Avira
[16/09/2009|11:17] C:\ProgramData\Bureau
[02/11/2006|14:59] C:\ProgramData\Desktop
[02/11/2006|14:59] C:\ProgramData\Documents
[17/09/2009|14:16] C:\ProgramData\ezsidmv.dat
[16/09/2009|11:17] C:\ProgramData\Favoris
[02/11/2006|14:59] C:\ProgramData\Favorites
[16/09/2009|15:08] C:\ProgramData\FLEXnet
[16/09/2009|11:25] C:\ProgramData\Google
[11/10/2009|11:37] C:\ProgramData\Malwarebytes
[16/09/2009|11:17] C:\ProgramData\Menu Démarrer
[17/09/2009|11:04] C:\ProgramData\Microsoft
[16/09/2009|12:24] C:\ProgramData\Microsoft Help
[16/09/2009|11:17] C:\ProgramData\Modèles
[16/09/2009|11:42] C:\ProgramData\Nero
[16/09/2009|12:13] C:\ProgramData\Norton
[17/03/2009|21:09] C:\ProgramData\NortonInstaller
[08/10/2009|16:59] C:\ProgramData\Real
[17/09/2009|14:11] C:\ProgramData\Skype
[08/10/2009|18:51] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:59] C:\ProgramData\Start Menu
[08/10/2009|17:49] C:\ProgramData\Temp
[02/11/2006|14:59] C:\ProgramData\Templates
[11/10/2009|13:24] C:\ProgramData\WindowsSearch

--------------------\\ Listing des dossiers dans C:\Program Files

[12/10/2009|15:44] C:\Program Files\7-Zip
[11/10/2009|15:35] C:\Program Files\Adobe
[11/07/2009|05:31] C:\Program Files\AGEIA Technologies
[16/09/2009|13:37] C:\Program Files\Apple Software Update
[21/09/2009|21:21] C:\Program Files\Audacity 1.3 Beta (Unicode)
[16/09/2009|15:22] C:\Program Files\Avira
[21/09/2009|16:25] C:\Program Files\AviSynth 2.5
[01/10/2009|11:16] C:\Program Files\Blender Foundation
[16/09/2009|13:38] C:\Program Files\Bonjour
[08/10/2009|16:59] C:\Program Files\Common Files
[17/03/2009|20:36] C:\Program Files\CONEXANT
[05/10/2009|17:25] C:\Program Files\Core Services
[21/09/2009|11:02] C:\Program Files\CoupeFichier
[11/07/2009|05:30] C:\Program Files\CyberLink
[12/10/2009|11:42] C:\Program Files\EasyPHP5.3.0
[20/09/2009|14:56] C:\Program Files\epson
[21/09/2009|16:25] C:\Program Files\eRightSoft
[16/09/2009|11:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[16/09/2009|12:35] C:\Program Files\FileZilla FTP Client
[17/09/2009|17:58] C:\Program Files\FlashGet
[08/10/2009|17:51] C:\Program Files\Free RM to MP3 Converter
[16/09/2009|11:25] C:\Program Files\Google
[09/10/2009|12:24] C:\Program Files\Grisbi
[16/09/2009|12:31] C:\Program Files\InstallShield Installation Information
[17/03/2009|20:29] C:\Program Files\Intel
[16/09/2009|13:38] C:\Program Files\Internet Explorer
[03/10/2009|13:12] C:\Program Files\iPod
[03/10/2009|13:14] C:\Program Files\iTunes
[17/09/2009|17:14] C:\Program Files\Java
[17/09/2009|17:16] C:\Program Files\JRE
[11/10/2009|15:35] C:\Program Files\Launch Manager
[11/10/2009|11:38] C:\Program Files\Malwarebytes' Anti-Malware
[17/03/2009|21:01] C:\Program Files\Microsoft
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[16/09/2009|12:24] C:\Program Files\Microsoft Office
[16/09/2009|12:24] C:\Program Files\Microsoft Works
[21/01/2008|04:47] C:\Program Files\Movie Maker
[12/10/2009|15:40] C:\Program Files\Mozilla Firefox
[02/11/2006|14:35] C:\Program Files\MSBuild
[17/03/2009|20:04] C:\Program Files\MSXML 4.0
[17/03/2009|20:55] C:\Program Files\NewTech Infosystems
[17/09/2009|17:16] C:\Program Files\OpenOffice.org 3
[16/09/2009|12:31] C:\Program Files\PACKARD BELL
[16/09/2009|13:38] C:\Program Files\QuickTime
[08/10/2009|16:59] C:\Program Files\Real
[08/10/2009|17:36] C:\Program Files\Real Alternative
[11/07/2009|05:09] C:\Program Files\Realtek
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[08/10/2009|17:35] C:\Program Files\RM to MP3 Converter
[24/09/2009|17:09] C:\Program Files\Safari
[17/09/2009|14:11] C:\Program Files\Skype
[08/10/2009|18:34] C:\Program Files\Spybot - Search & Destroy
[11/07/2009|05:26] C:\Program Files\Synaptics
[11/07/2009|05:10] C:\Program Files\Temp
[12/10/2009|18:42] C:\Program Files\trend micro
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[16/09/2009|18:55] C:\Program Files\VideoLAN
[11/07/2009|05:24] C:\Program Files\VideoWebCamera
[21/01/2008|04:47] C:\Program Files\Windows Calendar
[21/01/2008|04:47] C:\Program Files\Windows Collaboration
[21/01/2008|04:47] C:\Program Files\Windows Defender
[16/09/2009|11:28] C:\Program Files\Windows Live
[17/03/2009|21:00] C:\Program Files\Windows Live SkyDrive
[17/03/2009|19:16] C:\Program Files\Windows Mail
[16/09/2009|12:07] C:\Program Files\Windows Media Player
[16/09/2009|11:17] C:\Program Files\Windows NT
[21/01/2008|04:47] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:47] C:\Program Files\Windows Sidebar
[16/09/2009|18:54] C:\Program Files\WinRAR
[21/09/2009|16:24] C:\Program Files\Xvid

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[16/09/2009|14:51] C:\Program Files\Common Files\Adobe
[16/09/2009|12:55] C:\Program Files\Common Files\Adobe AIR
[03/10/2009|13:12] C:\Program Files\Common Files\Apple
[11/07/2009|05:30] C:\Program Files\Common Files\CyberLink
[11/07/2009|05:09] C:\Program Files\Common Files\InstallShield
[17/03/2009|20:52] C:\Program Files\Common Files\Macrovision Shared
[16/09/2009|12:24] C:\Program Files\Common Files\microsoft shared
[16/09/2009|11:42] C:\Program Files\Common Files\Nero
[08/10/2009|16:59] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[17/09/2009|14:11] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[21/01/2008|04:47] C:\Program Files\Common Files\System
[17/03/2009|20:59] C:\Program Files\Common Files\Windows Live
[11/07/2009|05:31] C:\Program Files\Common Files\Wise Installation Wizard
[08/10/2009|16:59] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 58 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 19:44:53
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job



[F:35][D:5]-> C:\Users\Samuel\AppData\Local\Temp
[F:50][D:1]-> C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\Cookies
[F:147][D:4]-> C:\Users\Samuel\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:9][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 11/10/2009|11:30 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/10/2009|11:37 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 12/10/2009|19:49 - Option : [1]

--------------------\\ Fin du rapport a 19:49:39
[ UAC => 1 ]








Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2941
Windows 6.0.6001 Service Pack 1

12/10/2009 21:37:13
mbam-log-2009-10-12 (21-37-13).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 512048
Temps écoulé: 1 hour(s), 39 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Lyonnais92 (Posts: 25159, Registered: Friday 23 June 2006, Status: Security contributor, Last activity: 16 September 2016)
12 Oct 2009 at 22:12
Good evening,

I'm stepping in because these malware scheduled tasks, and the files that go with them, are going to have to be killed.

However, I have just checked: ZHPFix does not kill the file launched by the task.

Open the Control Panel, Scheduled Tasks.

Right-click one of the ATxxxx tasks.

Give the name of the associated program.
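An added example (not part of the original thread, and not the code of any tool used in it): the scheduled-task listing from the Lop S&D report above, parsed to show why the AtN.job files read as one dropped set rather than tasks a user created. It assumes a .job file's timestamp is refreshed whenever the task runs; `parse_at_jobs` and `triage` are names chosen here.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the scheduled-task section of the Lop S&D report in this thread.
LISTING = r"""
[08/10/2009 21:50][--a------] C:\Windows\tasks\At24.job
[11/10/2009 21:59][--a------] C:\Windows\tasks\At23.job
[11/10/2009 20:59][--a------] C:\Windows\tasks\At22.job
[11/10/2009 19:59][--a------] C:\Windows\tasks\At21.job
[12/10/2009 18:59][--a------] C:\Windows\tasks\At20.job
[12/10/2009 17:59][--a------] C:\Windows\tasks\At19.job
[12/10/2009 16:59][--a------] C:\Windows\tasks\At18.job
[12/10/2009 15:59][--a------] C:\Windows\tasks\At17.job
[12/10/2009 14:59][--a------] C:\Windows\tasks\At16.job
[12/10/2009 13:59][--a------] C:\Windows\tasks\At15.job
[12/10/2009 12:59][--a------] C:\Windows\tasks\At14.job
[12/10/2009 12:00][--a------] C:\Windows\tasks\At13.job
[12/10/2009 11:00][--a------] C:\Windows\tasks\At12.job
[12/10/2009 09:59][--a------] C:\Windows\tasks\At11.job
[12/10/2009 09:00][--a------] C:\Windows\tasks\At10.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At9.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At8.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At7.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At6.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At5.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At4.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At3.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At2.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At1.job
[12/10/2009 19:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000UA.job
[12/10/2009 11:37][--ah-----] C:\Windows\tasks\SA.DAT
"""

LINE_RE = re.compile(r"^\[(\d{2}/\d{2}/\d{4} \d{2}:\d{2})\]\[[^\]]*\]\s+(.+)$")
AT_RE = re.compile(r"\\At(\d+)\.job$", re.IGNORECASE)


def parse_at_jobs(text):
    """Return {task number: last-modified datetime} for every AtN.job line."""
    jobs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        at = AT_RE.search(m.group(2)) if m else None
        if at:
            jobs[int(at.group(1))] = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M")
    return jobs


def triage(text):
    """Summarise the AtN.job set: size, numbering gaps, creation batch, hourly pattern."""
    jobs = parse_at_jobs(text)
    if not jobs:
        return None
    by_stamp = defaultdict(list)
    for n, stamp in jobs.items():
        by_stamp[stamp].append(n)
    # Largest group sharing one minute: files written together and untouched since.
    batch_stamp, batch = max(by_stamp.items(), key=lambda kv: len(kv[1]))
    touched = {n: s for n, s in jobs.items() if s != batch_stamp}
    # Assumption: a .job file's timestamp is refreshed when the task runs.
    # Check whether task N was last touched around hour N-1 (one task per hour of the day).
    hourly = all((s + timedelta(minutes=30)).hour == (n - 1) % 24 for n, s in touched.items())
    return {
        "count": len(jobs),
        "missing": [n for n in range(1, max(jobs) + 1) if n not in jobs],
        "batch_stamp": batch_stamp,
        "untouched": sorted(batch),
        "hourly_slots": bool(touched) and hourly,
    }


if __name__ == "__main__":
    for key, value in triage(LISTING).items():
        print(f"{key}: {value}")
```

The listing alone does not name the program each task launches; that still has to be read from the task itself, as the post above asks.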