Help eradicating Vundo and others...

Solved
royalscalp Posts: 348 Status: Member -
geoffrey5 Posts: 14008 Status: Security contributor -
Hello, I'm in the middle of "disinfecting" my relatives' computers...
Like many PC users, they aren't aware of the "dangers" they're exposed to...

Anyway, on one of the PCs I cleaned, I only used MBAM as a tool...
Here's the report; I've never seen anything like it so far... some 251 infected files in 15 min --' and that's just on a 'quick scan'... Vundo is part of the lot... No comment

Judge for yourself (the MBAM report speaks for itself):

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 2

11/10/2009 22:52:08
mbam-log-2009-10-11 (22-52-08).txt

Type de recherche: Examen rapide
Eléments examinés: 89904
Temps écoulé: 14 minute(s), 30 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 69
Valeur(s) du Registre infectée(s): 14
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 140

Processus mémoire infecté(s):
C:\Program Files\GetModule\GetModule19.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\AdobeR.exe (Worm.RJump) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\console32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\__c00D5384.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tuvVLeET.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\opmlihjo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aqqzmn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\byXRigDV.dll (Trojan.Vundo.H) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\console32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: system32\console32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvvleet -> Quarantined and deleted successfully.



Help me, thanks! =)
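A triage script for MBAM 1.x report lines like the ones in this thread, added here as an example (it is neither the poster's nor Malwarebytes' code). It assumes the `<location> (<detection>) -> [Data: <value> -> ]<action>.` line format the report uses, and it embeds a constructed excerpt built from entries quoted in the report above, so it runs offline:

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import NamedTuple, Optional

# One MBAM 1.x entry: "<location> (<detection>) -> [Data: <value> -> ]<action>."
# Assumption (true of the report in this thread): the detection name is the last
# parenthesised token before the first " -> " and contains no parentheses itself.
HEAD_RE = re.compile(r"^(?P<loc>.*) \((?P<det>[^()]+)\)$")

# Registry load points seen in the report. A component stored here runs automatically,
# so these entries matter more than yet another .tmp in system32. Needles are matched
# case-insensitively as substrings of the reported key path.
LOAD_POINTS = {
    "\\winlogon\\notify\\": "Winlogon notification package (loaded into winlogon.exe at logon)",
    "\\windows\\appinit_dlls": "AppInit_DLLs (injected into every process loading user32.dll)",
    "\\lsa\\notification packages": "LSA notification package (loaded into lsass.exe)",
    "\\currentversion\\run\\": "Run key (autostart at logon)",
    "\\browser helper objects\\": "Browser Helper Object (loaded by Internet Explorer)",
    "\\shellexecutehooks\\": "ShellExecuteHook (loaded by Explorer)",
}

@dataclass
class Detection:
    location: str               # file path or registry key/value
    family: str                 # e.g. "Trojan.Vundo.H"
    action: str                 # e.g. "Delete on reboot"
    data: Optional[str] = None  # referenced value on "registry data item" lines

class LoadPoint(NamedTuple):
    location: str
    data: Optional[str]
    why: str

@dataclass
class Triage:
    total: int
    families: Counter
    pending_reboot: list[str]    # still on disk / in the registry until the next reboot
    load_points: list[LoadPoint]

def parse_line(line: str) -> Optional[Detection]:
    """Parse one report line; None for headers, blanks and summary lines."""
    parts = line.strip().rstrip(".").split(" -> ")
    if len(parts) < 2:
        return None
    head, *middle, action = parts
    m = HEAD_RE.match(head)
    if not m:
        return None
    data = None
    for chunk in middle:  # "Data: <value>" appears only on registry data items
        if chunk.startswith("Data: "):
            data = chunk[len("Data: "):]
    return Detection(m["loc"], m["det"], action, data)

def triage(report: str) -> Triage:
    """Summarise a report the way a responder reads it: families present, what is
    still pending a reboot, and which entries were load points rather than payload."""
    dets = [d for d in map(parse_line, report.splitlines()) if d is not None]
    pending = [d.location for d in dets if d.action.lower() == "delete on reboot"]
    load_points = [
        LoadPoint(d.location, d.data, why)
        for d in dets
        for needle, why in LOAD_POINTS.items()
        if needle in d.location.lower()
    ]
    return Triage(len(dets), Counter(d.family for d in dets), pending, load_points)

# Constructed excerpt in the MBAM 1.41 format, built from entries quoted in this thread.
SAMPLE_REPORT = r"""
Malwarebytes' Anti-Malware 1.41
Processus mémoire infecté(s):
C:\Program Files\GetModule\GetModule19.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\AdobeR.exe (Worm.RJump) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\console32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tuvVLeET.dll (Trojan.Vundo.H) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxrigdv (Trojan.Vundo.H) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ravav (Worm.RJump) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Agent) -> Data: c:\windows\system32\console32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvvleet -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    t = triage(SAMPLE_REPORT)
    print(f"{t.total} detections: {dict(t.families)}")
    for lp in t.load_points:
        print(f"load point: {lp.location} -> {lp.data or '-'} [{lp.why}]")
    print(f"{len(t.pending_reboot)} entries remain until reboot; rescan afterwards")
```

"Delete on reboot" entries are still present until the machine restarts, so a second scan after the reboot is what confirms the cleanup; "Quarantined and deleted successfully" on a payload file says nothing about whether its load point was also removed, which is why the script reports them separately.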

24 replies

Anonymous user
 
→ Download SDFix and save it to your Desktop.

→ Reboot into Safe Mode

Other tutorials on Safe Mode:

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253

→ Open the SDFix folder that was just created in C:\ and double-click RunThis.cmd (or Runthis.bat) to launch the script.
→ Press Y to start the cleaning process.
→ It will remove the services and registry entries of some of the trojans found, then ask you to press a key to reboot.
→ Press a key to reboot the PC.
→ Your system will take longer than usual to reboot because the tool keeps running and deleting files.
→ Once the Desktop has loaded, the tool will finish its work and display Finished.
→ Press a key to end the script and load your Desktop icons.
→ Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
→ Post me the report.

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


============================================


==> UsbFix <==

Server 2: http://pagesperso-orange.fr/nostools/usbfix.html

● Install UsbFix (by Chiquitine29 and C_XX) on your desktop
● Double-click the UsbFix icon; the program launches...
● In the UsbFix main menu, choose option 1

A message will then tell you to plug in all your removable media; insert them, then press a key to launch the scan.

(!) The Start menu and icons will disappear.. that's normal (!)

At the end of the scan a report opens in Notepad:

● Click the Edit menu, then Select All.
● Click the Edit menu again, then Paste.
● Paste the report contents in your next reply





1
royalscalp Posts: 348 Status: Member 1
 
[b]SDFix: Version 1.240 [/b]
Run by ADMIN on 12/10/2009 at 23:23

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:




Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed
Folder C:\VirusEffaceur - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 23:31:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovabneMedia#7&3b048f53&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
"DeviceInstance"="STORAGE\RemovableMedia\7&3b048f53&0&RM"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\##?#STORAGE#RemovabneMedia#7&3b048f53&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\#]
"SymbolicLink"="\\?\STORAGE#RemovableMedia#7&3b048f53&0&RM#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9403283d]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a9403283d]

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\wbem\Performance\WmiApRpl_new.ini 6614 bytes
C:\WINDOWS\system32\wuauclt.exe.wusetup.450708.bak 53080 bytes executable
C:\WINDOWS\system32\wuaueng.dll.wusetup.460311.bak 1712984 bytes executable
C:\WINDOWS\LastGood
C:\WINDOWS\LastGood\INF
C:\WINDOWS\LastGood\INF\oem93.inf 0 bytes
C:\WINDOWS\LastGood\INF\oem93.PNF 0 bytes
C:\WINDOWS\LastGood\INF\oem94.inf 0 bytes
C:\WINDOWS\LastGood\INF\oem94.PNF 0 bytes
C:\WINDOWS\LastGood\INF\wuau.adm 57634 bytes
C:\WINDOWS\LastGood\softwaredistribution
C:\WINDOWS\LastGood\softwaredistribution\authcabs
C:\WINDOWS\LastGood\softwaredistribution\authcabs\7971f918-a847-4430-9279-4a52d1efe18d
C:\WINDOWS\LastGood\softwaredistribution\authcabs\7971f918-a847-4430-9279-4a52d1efe18d\muauth.cab 7630 bytes
C:\WINDOWS\LastGood\system32
C:\WINDOWS\LastGood\system32\cdm.dll 92504 bytes executable
C:\WINDOWS\LastGood\system32\mucltui.dll 271224 bytes executable
C:\WINDOWS\LastGood\system32\muweb.dll 207736 bytes executable
C:\WINDOWS\LastGood\system32\wuapi.dll 549720 bytes executable
C:\WINDOWS\LastGood\system32\wuauclt.exe 53080 bytes executable
C:\WINDOWS\LastGood\system32\wuaucpl.cpl 216408 bytes executable
C:\WINDOWS\LastGood\system32\wuaueng.dll 1712984 bytes executable
C:\WINDOWS\LastGood\system32\wucltui.dll 325976 bytes executable
C:\WINDOWS\LastGood\system32\wups.dll 33624 bytes executable
C:\WINDOWS\LastGood\system32\wups2.dll 43352 bytes executable
C:\WINDOWS\LastGood\system32\wuweb.dll 203096 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 26


Remaining Services:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Disabled:Warcraft III"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Disabled:Shareaza Ultimate File Sharing"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 12 Mar 2006 10,311,680 A.SH. --- "C:\Program Files\AVIConverter\mencoder.exe"
Thu 23 Oct 2008 318,464 A.SH. --- "C:\WINDOWS\system32\1A.tmp"
Thu 6 Nov 2008 318,464 A.SH. --- "C:\WINDOWS\system32\1D.tmp"
Tue 13 May 2008 1,275,360 A.SH. --- "C:\WINDOWS\system32\cafotrxq.tmp"
Wed 23 Jul 2008 2,508,129 A.SH. --- "C:\WINDOWS\system32\qmxojlif.tmp"
Sat 20 Oct 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!

royalscalp (348 posts, Member) > royalscalp (348 posts, Member)
Here is the one from USBFix option 1...

Sorry for the double post

############################## | UsbFix V6.041 |

User : ADMIN (Administrateurs) # BENJAMIN
Update on 12/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 23:42:31 | 12/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

AMD Athlon(tm) Processor
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 16,6 Go (4,97 Go free) # NTFS
D:\ -> Disque fixe local # 2,02 Go (2 Go free) [Nouveau nom] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM # 4,32 Mo (0 Mo free) [U3 System] # CDFS
G:\ -> Disque amovible # 1,91 Go (1,91 Go free) [EMTEC] # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atievxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Nettordinateur\stm.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

F:\autorun.inf

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |


################## | ! Fin du rapport # UsbFix V6.041 ! |

geoffrey5 (14008 posts, Security Contributor) > royalscalp (348 posts, Member)
UsbFix has already been run... Do ComboFix to remove what is left of Vundo, please

geoffrey5 (14008 posts, Security Contributor)
OK, now do this please:

▶ Download Combofix by sUBs

▶ and save it to the Desktop.

▶ disable your protections and close all your applications (antivirus, firewall, real-time guard of the antispyware)

Here is the official Bleeping Computer tutorial on how to use it:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

I advise you to install the Recovery Console!!

then send the report and do a new RSIT report please

royalscalp (348 posts, Member)
I ran into a problem in the meantime...

During the multiple reboots you have to do when the tools ask for them, I had to type a password, the one for my friend's session...

To avoid wasting that time (because it's a bit annoying to always type a code at startup), I removed, with my friend's agreement, the password prompt at startup (via Control Panel/User Accounts...etc)...

The problem is that when I restarted this morning, I expected not to have to type a password. But a window still appears, asking me for the password of the Administrator account "ADMIN".

This friend, named Benjamin (as you can see in my reports from the various tools), obviously doesn't know this password, even though he is the administrator himself...

I searched CCM to see whether this problem could be solved, but it turns out you quickly get taken for a 'noob who wants to hack an admin account'...

In any case, it doesn't get me anywhere, since originally I was here to 'cure' a friend's PC! =/

Thanks for the help; should I move my post to another part of the forum?

royalscalp (348 posts, Member) > royalscalp (348 posts, Member)
Sorry again for the double post, but be aware that I asked for help here... while waiting for a reply from you...


https://forums.commentcamarche.net/forum/affich-14739265-mdp-de-session-supprime-mdp-admin-demande#dernier


Romain.

geoffrey5 (14008 posts, Security Contributor)
I just thought of something... If you say you removed the password, you just have to press Enter without typing a password, I think ;)

Anonymous user
Hello, phew!!

Empty the Malwarebytes' quarantine!!!

Do this for a somewhat clearer scan:

◆ Download RSIT (Random's System Information Tool) to your desktop:

>> http://images.malwareremoval.com/random/RSIT.exe

◆ Double-click RSIT.exe on your desktop to launch it
◆ A window titled "Disclaimer of Warranty" opens; click continue


The report begins...


# The reports are located here: C:\rsit\info.txt C:\rsit\log.txt ...

/l\ DO NOT POST THEM ON THE FORUM /l\

Go to this address:

http://www.cijoint.fr

Host them there and send me the links..

XaTon (2160 posts, Member)
Hi,

Have you tried this?

~~~~~~~~~~~~~~~~> Vundofix <~~~~~~~~~~~~~~~~~~~

• Download VundoFix to your desktop.

› http://www.atribune.org/ccount/click.php?id=4

• Double-click VundoFix.exe to launch it, then click the "Scan for Vundo" button.

• When the scan is finished, click the "Remove Vundo" button.

• A prompt will ask whether you want to delete the files; click YES.

• After clicking Yes, the Desktop will disappear for a moment while the files are deleted (don't worry, that's normal!).

• You will then see a prompt telling you that your PC is going to shut down: click OK.

• Once your PC is off, restart it.

• Copy/paste the contents of the report located at C:\vundofix.txt

geoffrey5 (14008 posts, Security Contributor)
Good evening,

indeed a lot of Vundo... But that's not all there is.

Could you do this to check, please:

▶ Download Random's System Information Tool (RSIT).

▶ A tutorial is available on my website to install and use it correctly.

▶ Double-click RSIT.exe to launch the tool.

▶ Click 'Continue' on the Disclaimer screen.

▶ If the Hijackthis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.

▶ Once the scan is finished, 2 reports will appear. Post the contents of the 2 reports.

( C:\RSIT\log.txt and C:\RSIT\info.txt )

CTRL A to select all, CTRL C to copy and then CTRL V to paste

How to host RSIT reports that are too long??

royalscalp (348 posts, Member)
Apparently you have to be a member for your link...

royalscalp (348 posts, Member) > royalscalp (348 posts, Member)
Sorry for the double post, but whose procedure am I following? LOL

geoffrey5 (14008 posts, Security Contributor) > royalscalp (348 posts, Member)
not on my links ;)

royalscalp (348 posts, Member) > geoffrey5 (14008 posts, Security Contributor)
Yes! Lol
Unless I'm really stupid, which is plausible...oO'

geoffrey5 (14008 posts, Security Contributor) > royalscalp (348 posts, Member)
Scroll down the page, you'll see you don't have to be a member ;)

XaTon (2160 posts, Member)
Helper-Mask was the fastest, so I think you can continue with him

;-)

royalscalp (348 posts, Member)
So here it is for Helper-Mask:

Info.txt : http://www.cijoint.fr/cjlink.php?file=cj200910/cijdwN9Yzo.txt

Log.txt : http://www.cijoint.fr/cjlink.php?file=cj200910/cijA96kzZo.txt

royalscalp (348 posts, Member)
Is it that hardcore? Lol

geoffrey5 (14008 posts, Security Contributor)
Well, since nobody is taking it on, here I go ;)

There are multiple infections in your report; there's going to be some work..

We'll start with the infections you caught through your removable disks, which are infected... You surely plugged USB sticks into a PC that was already infected and infected your PC as well.

Start by doing this please:

▶ Download UsbFix by C_XX & Chiquitine29

▶ search tutorial

▶ Double-click UsbFix on your desktop; the installation will be done automatically

Plug your external data sources into your PC (USB stick, external hard drive, etc...) that may have been infected, without opening them

▶ Choose option 1 (search)

▶ Let the tool work

▶ Then post the UsbFix.txt report that will appear

* Note: the UsbFix.txt report is saved at the root of the disk

* Note: If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm

* Note: "SniffC.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (Antivirus, Firewall...), hence the alert raised by these antivirus products.

royalscalp (348 posts, Member)
Here you go:

############################## | UsbFix V6.041 |

User : ADMIN (Administrateurs) # BENJAMIN
Update on 12/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 22:33:53 | 12/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

AMD Athlon(tm) Processor
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 16,6 Go (3,96 Go free) # NTFS
D:\ -> Disque fixe local # 2,02 Go (2 Go free) [Nouveau nom] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM # 4,32 Mo (0 Mo free) [U3 System] # CDFS
G:\ -> Disque amovible # 1,91 Go (1,91 Go free) [EMTEC] # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atievxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Nettordinateur\stm.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

C:\Documents and Settings\ADMIN\RavMonLog
F:\autorun.inf
G:\adober.exe

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\F
Shell\AutoRun\command =F:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{163d8e1a-afed-11dc-9f2c-00038a000015}
Shell\Auto\command =F:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{447bffde-0514-11de-a07f-9d33dcf4683d}
Shell\Auto\command =F:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{447bffdf-0514-11de-a07f-9d33dcf4683d}
Shell\Auto\command =G:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{4e175180-c6e2-11dc-9f5d-0008d3353bfd}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{590bdf20-b696-11de-a08e-b4dfc43fb239}
Shell\AutoRun\command =F:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{639588b0-fab6-11dd-a075-bdfe2de5c33d}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{7140bfc0-f612-11dd-a074-93f5bba0f93d}
Shell\Auto\command =F:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{81972720-b2e1-11dc-9f38-00038a000015}
Shell\Auto\command =G:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{b1e62230-7ccd-11dc-9ec2-00038a000015}
Shell\AutoRun\command =F:\8h3hh3m.exe
Shell\explore\Command =F:\8h3hh3m.exe
Shell\open\Command =F:\8h3hh3m.exe

################## | ! Fin du rapport # UsbFix V6.041 ! |
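The UsbFix report just above is the pattern this thread is chasing: MountPoints2 subkeys whose Shell\Auto and Shell\AutoRun handlers launch AdobeR.exe (or, for an older stick, 8h3hh3m.exe) from the root of whatever volume gets mounted, next to an F: entry that only starts the U3 launchpad. As an added example, not part of the thread and not UsbFix's own code, here is a Python script that parses the MountPoints2 and infectious-files sections of such a report and flags each handler on three heuristics: target executable not on an allowlist, the Shell\Auto verb, and a path with no drive letter. The sample text is a constructed excerpt modelled on the posted report, and the allowlist holding only LaunchU3.exe is an assumption for this particular machine.

```python
"""Triage of the 'Registre # Mountpoints2' section of a UsbFix report.

Each MountPoints2 subkey is a volume Explorer has seen; the Shell\... values
under it are the autorun handlers cached from that volume's autorun.inf.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt modelled on the UsbFix V6.041 report posted above.
SAMPLE_REPORT = r"""
################## | Fichiers # Dossiers infectieux |

C:\Documents and Settings\ADMIN\RavMonLog
F:\autorun.inf
G:\adober.exe

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\F
Shell\AutoRun\command =F:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{163d8e1a-afed-11dc-9f2c-00038a000015}
Shell\Auto\command =F:\AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{4e175180-c6e2-11dc-9f5d-0008d3353bfd}
Shell\Auto\command =AdobeR.exe e
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{b1e62230-7ccd-11dc-9ec2-00038a000015}
Shell\AutoRun\command =F:\8h3hh3m.exe
Shell\explore\Command =F:\8h3hh3m.exe
Shell\open\Command =F:\8h3hh3m.exe

################## | ! Fin du rapport # UsbFix V6.041 ! |
"""

KEY_RE = re.compile(r"^HKCU\\.*\\MountPoints2\\(?P<key>\S+)\s*$")
HANDLER_RE = re.compile(r"^(?P<verb>Shell\\[^=]+?)\s*=\s*(?P<cmd>.+?)\s*$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# Assumption for this host: the U3 launchpad on the F: CD-ROM partition is the
# only autorun target accepted. Anything else on a removable volume is a finding.
BENIGN_TARGETS = {"launchu3.exe"}


@dataclass(frozen=True)
class Handler:
    key: str          # MountPoints2 subkey: drive letter or volume GUID
    verb: str         # e.g. Shell\Auto\command
    command: str      # raw command line from the report
    target_path: str  # what the command really launches, as written
    target: str       # basename of target_path, lower-cased


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def section_lines(report: str, title: str) -> list[str]:
    """Non-empty lines of one '#### | <title> |' section, up to the next header."""
    lines, inside = [], False
    for line in report.splitlines():
        if line.startswith("#") and "|" in line:
            if inside:
                break
            inside = title in line
        elif inside and line.strip():
            lines.append(line.rstrip())
    return lines


def launched_target(command: str) -> str:
    """The worm's AutoRun value hides behind RunDLL32 ... ShellExec_RunDLL <file>,
    so the token after ShellExec_RunDLL is the real target, not rundll32."""
    tokens = command.split()
    for i, tok in enumerate(tokens):
        if tok.lower().endswith("shellexec_rundll") and i + 1 < len(tokens):
            return tokens[i + 1].strip('"')
    return tokens[0].strip('"')


def parse_mountpoints2(report: str) -> list[Handler]:
    handlers, key = [], None
    for line in section_lines(report, "Registre # Mountpoints2"):
        if m := KEY_RE.match(line):
            key = m.group("key")
        elif (m := HANDLER_RE.match(line)) and key:
            path = launched_target(m.group("cmd"))
            handlers.append(Handler(key, m.group("verb"), m.group("cmd"), path, basename(path)))
    return handlers


def infectious_files(report: str) -> list[str]:
    """Basenames under 'Fichiers # Dossiers infectieux'; option 2 prefixes 'Supprimé ! '."""
    return [basename(line.split("! ", 1)[-1])
            for line in section_lines(report, "Fichiers # Dossiers infectieux")]


def triage(report: str, benign: set[str] = BENIGN_TARGETS) -> list[tuple[Handler, list[str]]]:
    on_media = set(infectious_files(report))
    findings = []
    for h in parse_mountpoints2(report):
        reasons = []
        if h.target not in benign:
            where = "still on media" if h.target in on_media else "file gone: stale handler"
            reasons.append(f"launches {h.target} ({where})")
        if h.verb.lower().startswith("shell\\auto\\"):
            reasons.append("Shell\\Auto verb, typical of autorun worms")
        if not DRIVE_RE.match(h.target_path):
            reasons.append("drive-less path: runs from whichever volume is mounted")
        if reasons:
            findings.append((h, reasons))
    return findings


if __name__ == "__main__":
    for handler, why in triage(SAMPLE_REPORT):
        print(f"{handler.key}  {handler.verb} = {handler.command}\n    " + "; ".join(why))
```

Run it as a script to print the findings. The option 2 report uses the same section headers but prefixes each file line with "Supprimé !" or "Non supprimé !", which the parser strips, so the same code can be pointed at both reports to confirm that every flagged handler was actually removed.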

geoffrey5 (14008 posts, Security Contributor)
OK, now:

▶ cleaning tutorial

Plug your external data sources into your PC (USB stick, external hard drive, etc...) that may have been infected, without opening them

▶ Double-click the UsbFix shortcut on your desktop

▶ choose option 2 (Deletion)

▶ Your desktop will disappear and the PC will reboot.

▶ On reboot, UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report that will appear along with the desktop.

▶ Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

▶ /!\ UsbFix will offer to upload a compressed folder to this address: https://www.androidworld.fr/

▶ This folder was created by UsbFix and is saved on your desktop.

▶ Please send it to the address indicated to help the author of UsbFix in his research.

▶ Thanks in advance for your contribution!!

royalscalp (348 posts, Member)
############################## | UsbFix V6.041 |

User : ADMIN (Administrateurs) # BENJAMIN
Update on 12/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 22:43:24 | 12/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

AMD Athlon(tm) Processor
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 16,6 Go (3,94 Go free) # NTFS
D:\ -> Disque fixe local # 2,02 Go (2 Go free) [Nouveau nom] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM # 4,32 Mo (0 Mo free) [U3 System] # CDFS
G:\ -> Disque amovible # 1,91 Go (1,91 Go free) [EMTEC] # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atievxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\Documents and Settings\ADMIN\RavMonLog
Non supprimé ! F:\autorun.inf
Supprimé ! G:\adober.exe

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\F\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{163d8e1a-afed-11dc-9f2c-00038a000015}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{447bffde-0514-11de-a07f-9d33dcf4683d}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{447bffdf-0514-11de-a07f-9d33dcf4683d}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4e175180-c6e2-11dc-9f5d-0008d3353bfd}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{639588b0-fab6-11dd-a075-bdfe2de5c33d}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{7140bfc0-f612-11dd-a074-93f5bba0f93d}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{81972720-b2e1-11dc-9f38-00038a000015}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{b1e62230-7ccd-11dc-9ec2-00038a000015}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[13/06/2007 21:00|--a------|0] C:\AUTOEXEC.BAT
[11/10/2009 23:52|---hs----|212] C:\boot.ini
[05/08/2004 14:00|-rahs----|4952] C:\Bootfont.bin
[12/10/2009 00:05|--a------|2366] C:\cc_20091012_000319.reg
[13/06/2007 21:00|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[17/10/2007 18:55|--a------|1091] C:\INSTALL.LOG
[13/06/2007 21:00|-rahs----|0] C:\IO.SYS
[07/10/2007 18:06|--ah-----|1173] C:\IPH.PH
[21/12/2007 22:41|--a------|183] C:\LogiSetup.log
[13/06/2007 21:00|-rahs----|0] C:\MSDOS.SYS
[05/08/2004 14:00|-rahs----|47564] C:\NTDETECT.COM
[05/08/2004 14:00|-rahs----|251712] C:\ntldr
[?|?|?] C:\pagefile.sys
[22/06/2008 22:47|--ah-----|268] C:\sqmdata00.sqm
[22/06/2008 22:47|--ah-----|268] C:\sqmdata01.sqm
[24/06/2008 01:49|--ah-----|268] C:\sqmdata02.sqm
[24/06/2008 01:50|--ah-----|268] C:\sqmdata03.sqm
[25/08/2008 21:11|--ah-----|268] C:\sqmdata04.sqm
[27/08/2008 23:47|--ah-----|304] C:\sqmdata05.sqm
[27/08/2008 23:53|--ah-----|292] C:\sqmdata06.sqm
[31/08/2008 21:52|--ah-----|268] C:\sqmdata07.sqm
[22/10/2008 19:30|--ah-----|268] C:\sqmdata08.sqm
[22/10/2008 19:30|--ah-----|148] C:\sqmdata09.sqm
[22/10/2008 19:30|--ah-----|148] C:\sqmdata10.sqm
[05/11/2008 19:36|--ah-----|292] C:\sqmdata11.sqm
[27/02/2009 22:59|--ah-----|136] C:\sqmdata12.sqm
[27/02/2009 23:00|--ah-----|268] C:\sqmdata13.sqm
[21/05/2008 20:59|--ah-----|232] C:\sqmdata14.sqm
[22/05/2008 19:33|--ah-----|232] C:\sqmdata15.sqm
[22/05/2008 20:23|--ah-----|232] C:\sqmdata16.sqm
[06/06/2008 18:31|--ah-----|232] C:\sqmdata17.sqm
[22/06/2008 21:24|--ah-----|304] C:\sqmdata18.sqm
[22/06/2008 21:29|--ah-----|304] C:\sqmdata19.sqm
[22/06/2008 22:47|--ah-----|244] C:\sqmnoopt00.sqm
[22/06/2008 22:47|--ah-----|244] C:\sqmnoopt01.sqm
[24/06/2008 01:49|--ah-----|244] C:\sqmnoopt02.sqm
[24/06/2008 01:50|--ah-----|244] C:\sqmnoopt03.sqm
[25/08/2008 21:11|--ah-----|244] C:\sqmnoopt04.sqm
[27/08/2008 23:47|--ah-----|244] C:\sqmnoopt05.sqm
[27/08/2008 23:53|--ah-----|244] C:\sqmnoopt06.sqm
[31/08/2008 21:52|--ah-----|244] C:\sqmnoopt07.sqm
[22/10/2008 19:30|--ah-----|244] C:\sqmnoopt08.sqm
[22/10/2008 19:30|--ah-----|136] C:\sqmnoopt09.sqm
[05/11/2008 19:36|--ah-----|244] C:\sqmnoopt10.sqm
[27/02/2009 22:59|--ah-----|136] C:\sqmnoopt11.sqm
[27/02/2009 23:00|--ah-----|244] C:\sqmnoopt12.sqm
[21/05/2008 12:59|--ah-----|244] C:\sqmnoopt13.sqm
[21/05/2008 20:59|--ah-----|244] C:\sqmnoopt14.sqm
[22/05/2008 19:33|--ah-----|244] C:\sqmnoopt15.sqm
[22/05/2008 20:23|--ah-----|244] C:\sqmnoopt16.sqm
[06/06/2008 18:31|--ah-----|244] C:\sqmnoopt17.sqm
[22/06/2008 21:24|--ah-----|244] C:\sqmnoopt18.sqm
[22/06/2008 21:29|--ah-----|244] C:\sqmnoopt19.sqm
[24/05/2001 12:59|--a------|162304] C:\UNWISE.EXE
[12/10/2009 22:46|--a------|5371] C:\UsbFix.txt
[11/01/2009 03:11|--a------|665] C:\xcrashdump.dat
[16/11/2006 11:51|-r-------|159] F:\autorun.inf
[16/11/2006 13:26|-r-------|1095224] F:\LaunchU3.exe
[02/02/2007 13:06|-r-------|3375339] F:\LaunchPad.zip
[11/10/2009 20:46|---hs----|348160] G:\msvcr71.dll
[16/11/2006 13:26|-ra------|1095224] G:\LaunchU3.exe

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\ADMIN\Bureau\UsbFix_Upload_Me_BENJAMIN.zip : https://www.androidworld.fr/
Merci pour votre contribution .

Anonymous user
Geoffrey will continue with you ;-)

+++

royalscalp (348 posts, Member)
OK... I suppose you're passing the info along to him...

Thanks to you anyway! ;)

geoffrey5 (14008 posts, Security Contributor)
OK, now do SDfix as explained by Helper mask HERE

geoffrey5 (14008 posts, Security Contributor)
Hello,

that's a big problem :s

You might be able to fix it by rebooting in Safe Mode and choosing not to keep the current password... But I'm not sure that will work, since you won't be able to log in as admin.

Otherwise there is Ultimate Boot CD: http://www.pcinpact.com/actu/news/Ultimate_Boot_CD_Version_30_Ca_peut_etre_utile.htm

royalscalp (348 posts, Member)
Lol! I hadn't thought of that! And to think I've been on this for 2 hours!

It works! Thanks!
Ah, I'm dumb sometimes! lol


I'll continue the procedure then and mark my other post as solved, explaining my approach (very simple, all the same...)

geoffrey5 (14008 posts, Security Contributor)
;)

++

royalscalp (348 posts, Member)
Sorry for the delay...

Here is the RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by ADMIN at 2009-10-13 14:53:15
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 5 GB (27%) free of 17 GB
Total RAM: 255 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:40, on 13/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\atievxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Fichiers communs\Nettordinateur\stm.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ADMIN\Bureau\RSIT.exe
C:\Program Files\trend micro\ADMIN.exe
C:\Program Files\Mozilla Firefox\uninstall\helper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\Nettordinateur\stm.exe" dm=http://nettordinateur.com ad=http://nettordinateur.com sd=http://paylogs.nettordinateur.com
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Benjamin
O17 - HKLM\Software\..\Telephony: DomainName = Benjamin
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Benjamin
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Benjamin
0
geoffrey5 Posts 14008 Status Security contributor 10
 
Re,

There's something that looks fishy to me... your services (O23 lines) aren't listed in the report :s

/!\ Procedure strictly reserved for royalscalp /!\

For visitors to this thread with the same problem: DO NOT RUN THIS PROCEDURE!!



▶ Download OTM (by Old_Timer) to your Desktop

▶ Double-click OTM.exe to launch it.

▶ Make sure the box Unregister Dll's and Ocx's is ticked.

▶ Copy the list shown in bold in the quote below and paste it into the left-hand pane of OTM under "Paste instructions for item to be moved".


:processes
explorer.exe
stm.exe

:files
c:\program files\fichiers communs\nettordinateur\stm.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Salestart(1)"=-

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]




▶ Click MoveIt! to start the removal.

▶ The result will appear in the "Results" pane.

▶ Click Exit to close.

▶ Post the report located in C:\_OTMoveIt\MovedFiles.

▶ You may be asked to restart the PC to complete the removal. If so, accept with Yes.


then:


▶ Download and save the AD-Remover installer to your desktop:

https://www.androidworld.fr/

▶ search tutorial

/!\ Do not run the cleaning right away /!\

▶ Double-click the AD-Remover installer; the program will install automatically.

Under Vista: right-click AD-Remover and select "Run as administrator"

▶ At the main menu choose option "S"

▶ Post the report that appears at the end.

( the report is also saved as C:\Ad-report.log )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
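Two things in the exchange above can be checked mechanically rather than by eye: whether a HijackThis log is missing a whole section (geoffrey5's point about the absent O23 service lines) and whether any O4 autostart entry hands URLs to the program it launches, as the Salestart(1) line does. The Python below is an added example, not code from the thread or from HijackThis/OTM; its sample log is constructed from a few lines of the report posted earlier, and the list of sections a complete log is expected to contain (just O23 here) is an assumption.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines in HijackThis log layout, modelled on the
# report posted in this thread (the tool's real output is longer).
SAMPLE_LOG = r"""
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Fichiers communs\Nettordinateur\stm.exe" dm=http://nettordinateur.com ad=http://nettordinateur.com sd=http://paylogs.nettordinateur.com
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Benjamin
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")          # "O4 - <body>"
RUN_RE = re.compile(r"Run: \[([^\]]+)\]\s*(.*)$")       # "[name] <command line>"
URL_RE = re.compile(r"https?://", re.IGNORECASE)


def parse_hjt(text):
    """Return a list of (section, body) tuples, one per HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def missing_sections(entries, expected=("O23",)):
    """Sections the log is expected to contain (assumed list) but that are absent
    entirely; an absent O23 block means no services were reported at all."""
    present = Counter(section for section, _ in entries)
    return [s for s in expected if present[s] == 0]


def flag_run_entries(entries):
    """O4 autostart entries whose command line passes URLs to the program:
    a launcher handed ad/tracking domains at boot deserves a closer look."""
    flagged = []
    for section, body in entries:
        m = RUN_RE.search(body) if section == "O4" else None
        if m and URL_RE.search(m.group(2)):
            flagged.append(m.groups())   # (entry name, command line)
    return flagged
```

Run over the sample, `missing_sections` reports `["O23"]` and `flag_run_entries` returns only the Salestart(1) entry.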
royalscalp Posts 348 Status Member 1
 
It took me a while... All because of this NeufBox whose Wi-Fi only half works... anyway!

Here is the OTM report:



All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named stm.exe was found!
========== FILES ==========
c:\program files\fichiers communs\nettordinateur\stm.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Salestart(1) deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: ADMIN
->Temp folder emptied: 31873 bytes
->Temporary Internet Files folder emptied: 49401 bytes
->FireFox cache emptied: 34666554 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: MARIE
->Temp folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: New Folder

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114937 bytes
%systemroot%\System32 .tmp files removed: 11320129 bytes
Windows Temp folder emptied: 1122 bytes
RecycleBin emptied: 779 bytes

Total Files Cleaned = 46,05 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10142009_111010

Files moved on Reboot...

Registry entries deleted on Reboot...




And the AD-Remover one:


.
======= RAPPORT D'AD-REMOVER 1.1.4.5_Z | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 14.10.2009 à 19:45
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 22:05:58, 14/10/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: BENJAMIN | Utilisateur actuel: ADMIN
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\Software\SWEETIE
HKLM\Software\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKLM\Software\Classes\SWEETIE.IEToolbar
HKLM\Software\Classes\SWEETIE.IEToolbar.1
HKLM\Software\Classes\SWEETIE.SWEETIE
HKLM\Software\Classes\SWEETIE.SWEETIE.1
HKLM\Software\Classes\ToolBand.SWEETIE
HKLM\Software\Classes\ToolBand.SWEETIE.1
HKLM\Software\Classes\TypeLib\{58906392-79C4-497C-ACC6-6942B59F1A08}
HKLM\Software\Macrogaming
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6D63A65-BD23-46F3-B9A3-87F442423481}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-21-73586283-1563985344-1060284298-1004\Components\96D82BE152767B245B7D948EF9126F46
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-21-73586283-1563985344-1060284298-1004\Components\C34CFCB49C8F0814C88A64469E1A2B9E
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-21-73586283-1563985344-1060284298-1004\Components\DF75D238060B32E42A452FB5F328222E
.
C:\Program Files\Macrogaming
C:\Windows\Installer\88ea51.msi
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.3 [fr] *
.
Nom du profil: tmb7el5w.default (ADMIN)
.
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3");
.
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://fr.msn.com/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Error: Value: "Tabs" does not exist!
.
===================================
.
4074 Octet(s) - C:\Ad-Report-SCAN[1].log
.
4 Fichier(s) - C:\DOCUME~1\ADMIN\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
.
1 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 22:14:46 | 14/10/2009 - SCAN[1]
.
============== E.O.F ==============
.
0
geoffrey5 Posts 14008 Status Security contributor 10
 
Good evening,

! Disconnect and close all running applications !

● cleaning tutorial

● Relaunch "Ad-remover": at the main menu choose option "L".

● Let the tool work and don't touch anything

● Post the report that appears at the end.

( the report is also saved as C:\Ad-report(date).log )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

/!\ If the Desktop doesn't reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm
0
royalscalp Posts 348 Status Member 1
 
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_Z | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 14.10.2009 à 19:45
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:56:06, 15/10/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: BENJAMIN | Utilisateur actuel: ADMIN
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\Software\SWEETIE
HKLM\Software\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKLM\Software\Classes\SWEETIE.IEToolbar
HKLM\Software\Classes\SWEETIE.IEToolbar.1
HKLM\Software\Classes\SWEETIE.SWEETIE
HKLM\Software\Classes\SWEETIE.SWEETIE.1
HKLM\Software\Classes\ToolBand.SWEETIE
HKLM\Software\Classes\ToolBand.SWEETIE.1
HKLM\Software\Classes\TypeLib\{58906392-79C4-497C-ACC6-6942B59F1A08}
HKLM\Software\Macrogaming
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6D63A65-BD23-46F3-B9A3-87F442423481}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-21-73586283-1563985344-1060284298-1004\Components\96D82BE152767B245B7D948EF9126F46
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-21-73586283-1563985344-1060284298-1004\Components\C34CFCB49C8F0814C88A64469E1A2B9E
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-21-73586283-1563985344-1060284298-1004\Components\DF75D238060B32E42A452FB5F328222E
.
C:\Program Files\Macrogaming
C:\Windows\Installer\88ea51.msi

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.3 [fr] *
.
Nom du profil: tmb7el5w.default (ADMIN)
.
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3");
.
.
* Internet Explorer Version 6.0.2900.2180 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
3798 Octet(s) - C:\Ad-Report-CLEAN[1].log
4398 Octet(s) - C:\Ad-Report-SCAN[1].log
.
2 Fichier(s) - C:\DOCUME~1\ADMIN\LOCALS~1\Temp
0 Fichier(s) - C:\WINDOWS\Temp
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
76 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 19:02:30 | 15/10/2009 - CLEAN[1]
.
============== E.O.F ==============
.
0