Mon PC est t il infecté

kawther84 Messages postés 348 Statut Membre -  
kduc Messages postés 1537 Statut Membre -
Bonjour,
mon PC devient de plus en plus lent, j'ai fait un rapport HijackThis, quelqu'un peut m'aider. d'avance merci.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:14, on 15/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Iminent\IMBooster\imbooster.exe
C:\Program Files\AutorunRemover\AutorunRemover.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MATLAB\R2008b\bin\win32\MATLAB.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--
End of file - 8795 bytes
Configuration: Windows XP Internet Explorer 8.0

16 réponses

  1. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    Désinstalle AGI et Iminent, en allant dans …

    1/ Démarrer > Panneau de Config. > Ajout/suppres… des programmes

    2/ Démarrer > Poste de travail > C:\Program Files\...

    ---
    Puis, fais un clic droit sur le lien pour installer SDFix (par AndyManchesta) :
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    Choisis "Enregistrer sous" (dans IE c'est "Enregistrer la cible/le lien sous..")
    et sauvegarde-le (Enregistrer dans) sur le Bureau.

    Important : dans "Nom du fichier" enregistre (renomme) "sdfix" ou "SdFix.exe" en sd-fix.exe

    Redémarre en mode sans échec ...
    https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.htm
    (de préférence par F8 au démarrage).

    --------------------------------------------
    Tu n' auras pas accès à Internet pendant le "mode sans échec".
    Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la
    sur le "bureau" pour l' avoir à ta disposition.
    --------------------------------------------

    Sur le bureau, double-clique sur sd-fix.exe et choisis Install pour l'extraire sur le Bureau.
    Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur
    RunThis.cmd (ou RunThis.bat) pour lancer le script.

    Appuie sur Y pour commencer le processus de nettoyage.
    Il va supprimer les services et les entrées du Registre des trojans trouvés puis te
    demandera d'appuyer sur une touche pour redémarrer. Fais-le.

    Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va
    continuer à s'exécuter et supprimer des fichiers.

    Après le chargement du Bureau, l'outil terminera son travail et affichera "Finished".
    Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

    Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera
    aussi dans le dossier SDFix sous le nom Report.txt.

    Copie/colle le contenu du fichier Report.txt dans ta prochaine réponse.

    Tuto : https://www.malekal.com/slenfbot-still-an-other-irc-bot/

    Ensuite, ...

    Télécharge, installe et mets à jour Malwarebytes Anti-Malwares
    http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html puis, lance un scan COMPLET et poste le rapport.

    PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats,
    puis sur Supprimer la sélection.
    0
  2. kawther84 Messages postés 348 Statut Membre 1
     
    bonsoir;
    voici les rapport:

    [b]SDFix: Version 1.240 [/b]
    Run by kawther on 15/11/2009 at 22:36

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\Documents and Settings\kawther\Bureau\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-15 23:20:02
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\111111111111]
    "001f01e8fc40"=hex:c8,b9,a2,9a,ca,33,73,4a,24,6c,d7,f2,70,ff,89,dc
    "0021d15d46fc"=hex:cb,ea,6a,26,ab,fb,fe,56,14,5a,cd,02,a7,49,c4,6d
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\111111111111]
    "001f01e8fc40"=hex:c8,b9,a2,9a,ca,33,73,4a,24,6c,d7,f2,70,ff,89,dc
    "0021d15d46fc"=hex:cb,ea,6a,26,ab,fb,fe,56,14,5a,cd,02,a7,49,c4,6d

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Mozilla Firefox 3.1 Beta 2\\firefox.exe"="C:\\Program Files\\Mozilla Firefox 3.1 Beta 2\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
    "C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexStoreSvr.exe"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexStoreSvr.exe:*:Disabled:Nero Home"
    "C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Disabled:Wish Application"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Documents and Settings\\kawther\\Local Settings\\Temp\\java_ee_sdk-5_01-windows.exe2\\package\\jre\\bin\\javaw.exe"="C:\\Documents and Settings\\kawther\\Local Settings\\Temp\\java_ee_sdk-5_01-windows.exe2\\package\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Sun\\SDK\\jdk\\bin\\java.exe"="C:\\Sun\\SDK\\jdk\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Documents and Settings\\kawther\\Bureau\\eclipse-SDK-3.5.1-win32\\eclipse\\eclipse.exe"="C:\\Documents and Settings\\kawther\\Bureau\\eclipse-SDK-3.5.1-win32\\eclipse\\eclipse.exe:*:Enabled:eclipse"
    "C:\\Documents and Settings\\kawther\\Bureau\\eclipse-java-ganymede-win32\\eclipse\\eclipse.exe"="C:\\Documents and Settings\\kawther\\Bureau\\eclipse-java-ganymede-win32\\eclipse\\eclipse.exe:*:Enabled:eclipse"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

    [b]Remaining Files [/b]:

    [b]Files with Hidden Attributes [/b]:

    Wed 25 Feb 2009 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Thu 2 Apr 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Wed 24 Dec 2008 665,128 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\33e2c0b2e0a5331aa370a5e8ce5ad191\BIT3.tmp"
    Wed 19 Aug 2009 2,323,968 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL0003.tmp"
    Wed 30 Sep 2009 6,975,488 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL0004.tmp"
    Sun 6 Sep 2009 3,010,560 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL0640.tmp"
    Thu 20 Aug 2009 2,509,312 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL1414.tmp"
    Sat 18 Jul 2009 54,272 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL1840.tmp"
    Sat 18 Jul 2009 52,224 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL2099.tmp"
    Wed 19 Aug 2009 2,359,296 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL3646.tmp"
    Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\kawther\Application Data\U3\temp\Launchpad Removal.exe"
    Wed 25 Feb 2009 4,348 ...H. --- "C:\Documents and Settings\kawther\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Sun 1 Mar 2009 20 A..H. --- "C:\Documents and Settings\kawther\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Wed 25 Feb 2009 312 ...H. --- "C:\Documents and Settings\kawther\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
    Sun 1 Mar 2009 1,536 A..H. --- "C:\Documents and Settings\kawther\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
    Wed 29 May 2002 42,496 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2007_2008\8b\Chapitre 2\~WRL0855.tmp"
    Mon 18 Aug 2008 80,505 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\mastٹre2\rapport\transparent\preparation partie0\~WRL1354.tmp"
    Sat 11 Oct 2008 160,768 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\8B\Unit2_8_me\Unit2_8ٹme\~WRL3314.tmp"
    Thu 22 Nov 2007 83,456 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2007_2008\8b\devoirsi\Mes devoirs\8B10\~WRL1685.tmp"
    Sat 25 Oct 2008 41,472 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\8B\fiches\8B5\chapitre2\~WRL2731.tmp"
    Tue 29 Apr 2008 20,635 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\devoir\devoirs\DS3\DS3\~WRL0003.tmp"
    Tue 27 Nov 2007 29,630 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\devoir\devoirs\Mes devoirs\7B16\~WRL2695.tmp"
    Tue 8 Jan 2008 46,080 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\devoir\devoirsq\DC2\controle 29em\~WRL0003.tmp"
    Tue 8 Jan 2008 46,080 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\devoir\devoirsq\DC2\controle 29em\~WRL0003 (2).tmp"

    [b]Finished![/b]

    ******************************************************************************
    Malwarebytes' Anti-Malware 1.41
    Version de la base de données: 2775
    Windows 5.1.2600 Service Pack 2

    16/11/2009 22:01:10
    mbam-log-2009-11-16 (22-01-10).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 419441
    Temps écoulé: 14 hour(s), 42 minute(s), 2 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 31
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 11
    Fichier(s) infecté(s): 11

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\kawther\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\kawther\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\kawther\Application Data\FunWebProducts\Data\kawther (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
    C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rar.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\kawther\Application Data\FunWebProducts\Data\kawther\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\kawther\Application Data\FunWebProducts\Data\kawther\outfit.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Documents and Settings\kawther\Application Data\FunWebProducts\Data\kawther\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dllhosts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    0
  3. kduc Messages postés 1537 Statut Membre 133
     
    ...

    Clique droit sur ce lien pour installer ComboFix (par sUBs) :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Choisis "Enregistrer sous" (dans IE c'est "Enregistrer la cible/le lien sous..")
    et sauvegarde-le (Enregistrer dans) sur le Bureau.

    Important : dans "Nom du fichier" enregistre (renomme) "combofix" en combo-fix.exe

    Prends connaissance de ce tutoriel : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Ferme toutes les fenêtres et applications.
    Déconnecte-toi du net et désactive tes protections résidentes :
    https://forum.pcastuces.com/default.asp

    Sur le bureau, double clique combo-fix.exe.
    Tape sur la touche Y (Yes) pour démarrer le scan.
    ComboFix redémarrera ton PC.
    Lorsque le scan sera complété, un rapport apparaîtra.
    Copie/colle ce rapport dans ta prochaine réponse et nouveau rapport hijackthis.

    PS : Le rapport se trouve également ici : C:\Combofix.txt

    Ne clique pas dans la fenêtre de Combofix durant l’analyse : cela pourrait provoquer le gel du programme !
    0
  4. kawther84 Messages postés 348 Statut Membre 1
     
    bonsoir,
    voici les rapport,
    ComboFix 09-11-18.01 - kawther 17/11/2009 20:48.1.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1256.216.1036.18.502.227 [GMT 1:00]
    Running from: c:\documents and settings\kawther\Bureau\Combo-Fix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\kawther\Mes documents\kawther\mastère2\pixtran\bin\Desktop_.ini
    c:\documents and settings\kawther\Mes documents\kawther\mastère2\pixtran\Desktop_.ini
    c:\windows\winhelp.ini

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
    .

    2009-11-16 06:58 . 2009-11-16 06:58 -------- d-----w- c:\documents and settings\kawther\Application Data\Bandoo
    2009-11-15 22:46 . 2009-11-15 22:46 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-11-15 21:22 . 2009-11-15 21:23 -------- d-----w- c:\windows\ERUNT
    2009-11-13 17:43 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-11-13 17:43 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-11-13 17:43 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-11-13 17:43 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-11-13 17:43 . 2009-11-13 17:43 -------- d-----w- c:\program files\Avira
    2009-11-13 17:43 . 2009-11-13 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-11-07 15:43 . 2009-11-07 15:43 -------- d-----w- c:\program files\Harrap's Multimédia
    2009-11-07 15:42 . 2009-11-07 15:42 -------- d-----w- c:\documents and settings\kawther\WINDOWS
    2009-11-03 22:00 . 2009-11-13 06:42 -------- d-----w- c:\documents and settings\kawther\workspace
    2009-11-03 19:56 . 2009-11-03 19:56 -------- d-----w- C:\Sun

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-17 19:25 . 2008-12-24 12:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-11-16 23:58 . 2008-12-24 20:17 -------- d-----w- c:\documents and settings\kawther\Application Data\Skype
    2009-11-16 23:08 . 2008-12-26 07:19 -------- d-----w- c:\documents and settings\kawther\Application Data\skypePM
    2009-11-16 06:56 . 2009-03-07 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Bandoo
    2009-11-16 06:56 . 2009-03-07 18:59 -------- d-----w- c:\program files\Bandoo
    2009-11-15 22:49 . 2009-02-03 20:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-13 07:07 . 2009-11-13 07:07 -------- d-----w- c:\program files\BORLAND
    2009-11-12 10:50 . 2008-12-26 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-11-11 14:35 . 2008-12-24 11:02 91800 ----a-w- c:\documents and settings\kawther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-11 06:59 . 2008-12-26 09:38 -------- d-----w- c:\program files\Microsoft Works
    2009-11-01 17:55 . 2009-02-22 13:13 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-10-23 12:00 . 2008-12-24 20:16 -------- d-----w- c:\program files\Skype
    2009-10-22 07:18 . 2008-12-24 12:52 -------- d-----w- c:\program files\DAP
    2009-10-16 10:52 . 2001-09-28 12:00 81688 ----a-w- c:\windows\system32\perfc00C.dat
    2009-10-16 10:52 . 2001-09-28 12:00 503502 ----a-w- c:\windows\system32\perfh00C.dat
    2009-10-09 20:44 . 2009-10-09 20:33 17581552 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\rp\RealPlayerSPGold_fr.exe
    2009-10-09 20:33 . 2009-10-09 20:33 8405312 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2009-10-09 20:26 . 2009-10-09 20:26 10309448 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\chr\ChromeInstaller.exe
    2009-10-09 20:19 . 2009-10-09 20:19 64000 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\RUP\inst_config\gcapi_dll.dll
    2009-10-09 20:19 . 2009-10-09 20:19 52288 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\RUP\inst_config\gtapi.dll
    2009-10-09 20:19 . 2009-10-09 20:19 50688 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\RUP\inst_config\fftbapi.dll
    2009-10-09 20:19 . 2009-10-09 20:19 114688 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\RUP\inst_config\compat.dll
    2009-10-07 09:39 . 2009-10-07 08:49 -------- d-----w- c:\program files\Readiris Pro
    2009-10-02 22:52 . 2009-10-02 22:52 -------- d-----w- c:\program files\Muslim Bag
    2009-10-01 22:19 . 2009-10-01 22:19 435720 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\setup.exe
    2009-09-30 15:48 . 2009-09-30 15:48 -------- d-----w- c:\program files\Microsoft
    2009-09-24 18:53 . 2008-12-24 12:49 335 ----a-w- c:\windows\nsreg.dat
    2009-09-24 18:53 . 2009-09-24 18:53 -------- d-----w- c:\program files\Dadzilla
    2009-09-23 21:18 . 2009-09-23 21:17 -------- d-----w- c:\program files\Amaya
    2009-09-23 08:30 . 2008-12-27 23:23 -------- d-----w- c:\program files\Athan
    2009-09-22 11:11 . 2008-12-24 22:16 -------- d-----w- c:\program files\AlThkir
    2009-09-11 14:34 . 2004-08-19 14:09 133632 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 13:54 . 2009-02-03 20:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 13:53 . 2009-02-03 20:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-04 20:46 . 2004-08-19 14:09 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-03 23:57 . 2008-12-24 19:11 83456 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
    2009-08-29 07:56 . 2004-08-19 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:15 . 2004-08-19 14:09 247326 ----a-w- c:\windows\system32\strmdll.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
    2009-10-21 15:41 1864128 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-10-21 2803200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-24 180269]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-22 155648]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-22 126976]
    "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-05-28 1359872]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    c:\documents and settings\kawther\Menu D‚marrer\Programmes\D‚marrage\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-12-26 157000]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Ask Harrap's Shorter.lnk - c:\program files\Harrap's Multim‚dia\Shorter\bin\HiHarrapsTray.exe [2009-11-7 122880]
    DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-24 1205840]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MSIServer"=3 (0x3)
    "Bandoo Coordinator"=2 (0x2)
    "AGWinService"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\DAP\\DAP.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "c:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
    "c:\\Program Files\\aMSN\\bin\\wish.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13/11/2009 18:43 108289]
    S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [24/12/2008 09:49 69656]
    S3 e4usbae;USB ADSL2 LAN Adapter;c:\windows\system32\drivers\e4usbae.sys [24/12/2008 09:49 89600]
    S4 AGWinService;AG Windows Service;"c:\program files\AGI\common\win32\PythonService.exe" --> c:\program files\AGI\common\win32\PythonService.exe [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBR
    *NewlyCreated* - PROCEXP113
    *Deregistered* - mbr
    *Deregistered* - PROCEXP113
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-17 c:\windows\Tasks\User_Feed_Synchronization-{693784EC-04AA-44E3-9DD3-19005BF03A21}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.fr/
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - c:\program files\AGI\common\agcutils.dll
    AddRemove-4Media MP4 to MP3 Converter - c:\documents and settings\kawther\Mes documents\sarra\MP4 to MP3 Converter 3\Uninstall.exe
    AddRemove-Webshots Desktop_is1 - c:\program files\AGI\common\bootstrapper.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-17 21:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-11-17 22:09
    ComboFix-quarantined-files.txt 2009-11-17 21:09

    Pre-Run: 19 309 641 728 octets libres
    Post-Run: 19 736 391 680 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

    - - End Of File - - E369D8BCFC36C2B1448CAE83B6375FFC
    **************************************************************
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:12:09, on 17/11/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\PROGRA~1\Webshots\webshots.scr
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Bandoo\Bandoo.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\Bandoo\BndCore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
    O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\PROGRA~1\Bandoo\BndHook.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    Lance un scan Nod32 : https://www.eset.com/
    (il faut utiliser Internet Explorer) …

    Coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :

    -> C:\Program Files\EsetOnlineScanner\log.txt <- le rapport

    PS : désactive tes protections résidentes, notamment celle d' Antivir ...

    https://forum.pcastuces.com/default.asp
    0
  7. kawther84 Messages postés 348 Statut Membre 1
     
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=efb055b80a766742979da9a321540427
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-11-18 02:31:02
    # local_time=2009-11-18 03:31:02 (+0100, Europe de l'Ouest)
    # country="France"
    # lang=1036
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 24815927 24815927 0 0
    # compatibility_mode=1797 16775141 100 100 196267 34942073 103462 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=262518
    # found=4
    # cleaned=4
    # scan_time=6688
    C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\7B\cours\mes leçon\chp4_Projet\projet\7B1\students works\oussema ben abd elali 7b1\oussema ben abd elali 7b1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
    C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\8B\mes leçons\chapitre 4\projet\8B2\asma mejri ameni khalfewi 8b2g1\asma mejri ameni khalfewi 8b2g1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
    C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\mes leçon\chp4_Projet\projet\7B1\students works\oussema ben abd elali 7b1\oussema ben abd elali 7b1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
    C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\8B\chapitre 4\projet\8B2\asma mejri ameni khalfewi 8b2g1\asma mejri ameni khalfewi 8b2g1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
    0
  8. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    OK.

    Télécharge Toolbar S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

    Lance l'installation du programme en exécutant le fichier téléchargé.
    Double-clique maintenant sur le raccourci de Toolbar-S&D.
    Sélectionne la langue de ton choix puis, valide avec la touche "Entrée".
    Ensuite, choisis l'option 1 (Recherche).
    Patiente jusqu'à la fin de la recherche.

    Referme le programme …

    Puis, relance Toolbar-S&D en double-cliquant sur le raccourci.
    Fais le choix 2, puis valide en appuyant sur Entrée.

    Ne ferme pas la fenêtre lors de la suppression !

    Un rapport est généré. Poste-le dans ta prochaine réponse.

    PS : si ton bureau ne réapparaît pas, appuie simultanément sur
    Ctrl/Alt/Suppr pour ouvrir le Gestionnaire de tâches.
    Rends-toi sur l’ onglet "Processus" ; clique en haut, à gauche sur
    "Fichier" et choisis "Exécuter..."
    Tape explorer, puis valide.

    ---
    Enfin, relance Malwarebytes pour un scan et poste le rapport.

    ---
    0
  9. kawther84 Messages postés 348 Statut Membre 1
     
    bonjour,

    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.70GHz )
    BIOS : PhoenixBIOS 4.0 Release 6.1
    USER : kawther ( Administrator )
    BOOT : Normal boot
    Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
    C:\ (Local Disk) - NTFS - Total:55 Go (Free:18 Go)
    D:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [2] ( 18/11/2009|14:30 )

    -----------\\ SUPPRESSION

    Supprime! - C:\WINDOWS\iun6002.exe

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (kawther) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
    (kawther) - {6a7400d6-6615-4a06-a4d1-48979fa6e868} => iminent-en

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="https://www.google.fr/?gws_rd=ssl"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search bar"="http://www.bing.com/spresults.aspx"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 18/11/2009|14:01 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 18/11/2009|14:33 - Option : [2]

    -----------\\ Fin du rapport a 14:33:21,85

    Malwarebytes' Anti-Malware 1.41
    Version de la base de données: 2775
    Windows 5.1.2600 Service Pack 2

    18/11/2009 19:20:40
    mbam-log-2009-11-18 (19-20-40).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 395489
    Temps écoulé: 4 hour(s), 11 minute(s), 39 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  10. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    OK.

    Relance un scan Nod32 et poste le raport.
    0
  11. kawther84 Messages postés 348 Statut Membre 1
     
    salut
    voilà le rapport:
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=efb055b80a766742979da9a321540427
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-11-18 02:31:02
    # local_time=2009-11-18 03:31:02 (+0100, Europe de l'Ouest)
    # country="France"
    # lang=1036
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 24815927 24815927 0 0
    # compatibility_mode=1797 16775141 100 100 196267 34942073 103462 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=262518
    # found=4
    # cleaned=4
    # scan_time=6688
    C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\7B\cours\mes leçon\chp4_Projet\projet\7B1\students works\oussema ben abd elali 7b1\oussema ben abd elali 7b1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
    C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\8B\mes leçons\chapitre 4\projet\8B2\asma mejri ameni khalfewi 8b2g1\asma mejri ameni khalfewi 8b2g1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
    C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\mes leçon\chp4_Projet\projet\7B1\students works\oussema ben abd elali 7b1\oussema ben abd elali 7b1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
    C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\8B\chapitre 4\projet\8B2\asma mejri ameni khalfewi 8b2g1\asma mejri ameni khalfewi 8b2g1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=efb055b80a766742979da9a321540427
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2009-11-19 11:02:13
    # local_time=2009-11-19 12:02:13 (+0100, Europe de l'Ouest)
    # country="France"
    # lang=1036
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=512 16777215 100 0 24930549 24930549 0 0
    # compatibility_mode=1797 16775125 100 100 12584 35056695 44157 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=266912
    # found=0
    # cleaned=0
    # scan_time=9098
    0
  12. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    Fais cet autre scan en ligne :

    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Clique sur J' accepte > Démarrer l' analyse, etc ...

    Une fois le scan achevé, sauvegarde le rapport et poste-le.

    Tuto : https://forum.pcastuces.com/default.asp

    PS : désactive les protections résidentes, notamment Antivir ...avant de lancer le scan ...

    https://forum.pcastuces.com/default.asp
    0
    1. kawther84 Messages postés 348 Statut Membre 1
       
      bonsoir;
      le voilà le rapport, doslée pour le retard , j'étais malade.
      BitDefender Online Scanner



      Rapport d'analyse généré à: Sun, Nov 22, 2009 - 17:31:44





      Voie d'analyse: C:\;D:\;







      Statistiques

      Temps
      01:39:44

      Fichiers
      165337

      Directoires
      23157

      Secteurs de boot
      0

      Archives
      1933

      Paquets programmes
      16734




      Résultats

      Virus identifiés
      0

      Fichiers infectés
      0

      Fichiers suspects
      0

      Avertissements
      0

      Désinfectés
      0

      Fichiers effacés
      0




      Info sur les moteurs

      Définition virus
      4579944

      Version des moteurs
      AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)

      Analyse des plugins
      17

      Archive des plugins
      44

      Unpack des plugins
      8

      E-mail plugins
      6

      Système plugins
      4




      Paramètres d'analyse

      Première action
      Désinfecté

      Seconde Action
      Supprimé

      Heuristique
      Oui

      Acceptez les avertissements
      Oui

      Extensions analysées
      exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

      Excludez les extensions


      Analyse d'emails
      Oui

      Analyse des Archives
      Oui

      Analyser paquets programmes
      Oui

      Analyse des fichiers
      Oui

      Analyse de boot
      Oui




      Fichier analysé
      Statut

      Aucun virus trouvé.
      0
  13. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    On peut considérer le PC comme désinfecté.
    0
  14. kawther84 Messages postés 348 Statut Membre 1
     
    infiniment merci Kduc
    0
  15. kduc Messages postés 1537 Statut Membre 133
     
    ...

    Télécharge ToolCeaner (par A.Rothstein et dj QUIOU) sur ton bureau :
    http://pc-system.fr/

    1. Clique sur Recherche et laisse le scan agir ...
    2. Clique sur Suppression pour finaliser.
    -> Tu peux, si tu le souhaites, te servir des "Options facultatives".
    3. Clique sur Quitter pour obtenir le rapport.
    4. Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    ******
    Marque le « statut comme résolu » …
    https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/

    ******
    Quelques conseils ...
    https://www.malekal.com/proteger-pc-virus-pirates/
    et aussi ...
    https://www.malekal.com/securiser-votre-navigateur-internet-explorer-2/
    0
  16. kawther84 Messages postés 348 Statut Membre 1
     
    bonsoir
    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\TB.txt: trouvé !
    C:\Qoobox: trouvé !
    C:\Toolbar SD: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\kawther\Bureau\ToolBarSD.exe: trouvé !
    C:\Documents and Settings\kawther\Bureau\SDFIX: trouvé !
    C:\Documents and Settings\kawther\Bureau\SDFix\catchme.exe: trouvé !
    C:\Documents and Settings\kawther\Bureau\SDFix\backups\catchme.log: trouvé !
    C:\Documents and Settings\kawther\Mes documents\My Completed Downloads\HJTInstall.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
    C:\Qoobox\Quarantine\catchme.log: trouvé !
    C:\WINDOWS\mbr.exe: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\kawther\Bureau\ToolBarSD.exe: supprimé !
    C:\Documents and Settings\kawther\Bureau\SDFix\catchme.exe: supprimé !
    C:\Documents and Settings\kawther\Mes documents\My Completed Downloads\HJTInstall.exe: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\TB.txt: supprimé !
    C:\Documents and Settings\kawther\Bureau\SDFix\backups\catchme.log: supprimé !
    C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
    C:\Qoobox\Quarantine\catchme.log: supprimé !
    C:\WINDOWS\mbr.exe: supprimé !
    C:\Qoobox: supprimé !
    C:\Toolbar SD: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Documents and Settings\kawther\Bureau\SDFIX: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Fichiers temporaires nettoyés !
    c bon?
    0
  17. kduc Messages postés 1537 Statut Membre 133
     
    ...

    Ben oui ...
    0