Sujet Précédent Sujet Suivant

Mon PC est t il infecté

kawther84 Messages postés 348 Statut Membre -  
kduc Messages postés 1537 Statut Membre -
Bonjour,
mon PC devient de plus en plus lent, j'ai fait un rapport HijackThis, quelqu'un peut m'aider. d'avance merci.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:14, on 15/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Iminent\IMBooster\imbooster.exe
C:\Program Files\AutorunRemover\AutorunRemover.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MATLAB\R2008b\bin\win32\MATLAB.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
A voir également:

16 réponses

Réponse 1 / 16
kduc Messages postés 1537 Statut Membre 133
 
Salut,

Désinstalle AGI et Iminent, en allant dans …

1/ Démarrer > Panneau de Config. > Ajout/suppres… des programmes

2/ Démarrer > Poste de travail > C:\Program Files\...

---
Puis, fais un clic droit sur le lien pour installer SDFix (par AndyManchesta) :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Choisis "Enregistrer sous" (dans IE c'est "Enregistrer la cible/le lien sous..")
et sauvegarde-le (Enregistrer dans) sur le Bureau.

Important : dans "Nom du fichier" enregistre (renomme) "sdfix" ou "SdFix.exe" en sd-fix.exe

Redémarre en mode sans échec ...
https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.htm
(de préférence par F8 au démarrage).

--------------------------------------------
Tu n' auras pas accès à Internet pendant le "mode sans échec".
Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la
sur le "bureau" pour l' avoir à ta disposition.
--------------------------------------------

Sur le bureau, double-clique sur sd-fix.exe et choisis Install pour l'extraire sur le Bureau.
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur
RunThis.cmd (ou RunThis.bat) pour lancer le script.

Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre des trojans trouvés puis te
demandera d'appuyer sur une touche pour redémarrer. Fais-le.

Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va
continuer à s'exécuter et supprimer des fichiers.

Après le chargement du Bureau, l'outil terminera son travail et affichera "Finished".
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera
aussi dans le dossier SDFix sous le nom Report.txt.

Copie/colle le contenu du fichier Report.txt dans ta prochaine réponse.

Tuto : https://www.malekal.com/slenfbot-still-an-other-irc-bot/

Ensuite, ...

Télécharge, installe et mets à jour Malwarebytes Anti-Malwares
http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html puis, lance un scan COMPLET et poste le rapport.

PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats,
puis sur Supprimer la sélection.
0
Réponse 2 / 16
kawther84 Messages postés 348 Statut Membre 1
 
bonsoir;
voici les rapport:

[b]SDFix: Version 1.240 [/b]
Run by kawther on 15/11/2009 at 22:36

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\kawther\Bureau\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 23:20:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\111111111111]
"001f01e8fc40"=hex:c8,b9,a2,9a,ca,33,73,4a,24,6c,d7,f2,70,ff,89,dc
"0021d15d46fc"=hex:cb,ea,6a,26,ab,fb,fe,56,14,5a,cd,02,a7,49,c4,6d
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\111111111111]
"001f01e8fc40"=hex:c8,b9,a2,9a,ca,33,73,4a,24,6c,d7,f2,70,ff,89,dc
"0021d15d46fc"=hex:cb,ea,6a,26,ab,fb,fe,56,14,5a,cd,02,a7,49,c4,6d

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Mozilla Firefox 3.1 Beta 2\\firefox.exe"="C:\\Program Files\\Mozilla Firefox 3.1 Beta 2\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexStoreSvr.exe"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexStoreSvr.exe:*:Disabled:Nero Home"
"C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Disabled:Wish Application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Documents and Settings\\kawther\\Local Settings\\Temp\\java_ee_sdk-5_01-windows.exe2\\package\\jre\\bin\\javaw.exe"="C:\\Documents and Settings\\kawther\\Local Settings\\Temp\\java_ee_sdk-5_01-windows.exe2\\package\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Sun\\SDK\\jdk\\bin\\java.exe"="C:\\Sun\\SDK\\jdk\\bin\\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Documents and Settings\\kawther\\Bureau\\eclipse-SDK-3.5.1-win32\\eclipse\\eclipse.exe"="C:\\Documents and Settings\\kawther\\Bureau\\eclipse-SDK-3.5.1-win32\\eclipse\\eclipse.exe:*:Enabled:eclipse"
"C:\\Documents and Settings\\kawther\\Bureau\\eclipse-java-ganymede-win32\\eclipse\\eclipse.exe"="C:\\Documents and Settings\\kawther\\Bureau\\eclipse-java-ganymede-win32\\eclipse\\eclipse.exe:*:Enabled:eclipse"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[b]Remaining Files [/b]:

[b]Files with Hidden Attributes [/b]:

Wed 25 Feb 2009 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 2 Apr 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 24 Dec 2008 665,128 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\33e2c0b2e0a5331aa370a5e8ce5ad191\BIT3.tmp"
Wed 19 Aug 2009 2,323,968 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL0003.tmp"
Wed 30 Sep 2009 6,975,488 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL0004.tmp"
Sun 6 Sep 2009 3,010,560 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL0640.tmp"
Thu 20 Aug 2009 2,509,312 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL1414.tmp"
Sat 18 Jul 2009 54,272 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL1840.tmp"
Sat 18 Jul 2009 52,224 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL2099.tmp"
Wed 19 Aug 2009 2,359,296 ...H. --- "C:\Documents and Settings\kawther\Application Data\Microsoft\Word\~WRL3646.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\kawther\Application Data\U3\temp\Launchpad Removal.exe"
Wed 25 Feb 2009 4,348 ...H. --- "C:\Documents and Settings\kawther\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sun 1 Mar 2009 20 A..H. --- "C:\Documents and Settings\kawther\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Wed 25 Feb 2009 312 ...H. --- "C:\Documents and Settings\kawther\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sun 1 Mar 2009 1,536 A..H. --- "C:\Documents and Settings\kawther\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Wed 29 May 2002 42,496 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2007_2008\8b\Chapitre 2\~WRL0855.tmp"
Mon 18 Aug 2008 80,505 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\mastٹre2\rapport\transparent\preparation partie0\~WRL1354.tmp"
Sat 11 Oct 2008 160,768 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\8B\Unit2_8_me\Unit2_8ٹme\~WRL3314.tmp"
Thu 22 Nov 2007 83,456 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2007_2008\8b\devoirsi\Mes devoirs\8B10\~WRL1685.tmp"
Sat 25 Oct 2008 41,472 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\8B\fiches\8B5\chapitre2\~WRL2731.tmp"
Tue 29 Apr 2008 20,635 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\devoir\devoirs\DS3\DS3\~WRL0003.tmp"
Tue 27 Nov 2007 29,630 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\devoir\devoirs\Mes devoirs\7B16\~WRL2695.tmp"
Tue 8 Jan 2008 46,080 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\devoir\devoirsq\DC2\controle 29em\~WRL0003.tmp"
Tue 8 Jan 2008 46,080 A..H. --- "C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\devoir\devoirsq\DC2\controle 29em\~WRL0003 (2).tmp"

[b]Finished![/b]

******************************************************************************
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 2

16/11/2009 22:01:10
mbam-log-2009-11-16 (22-01-10).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 419441
Temps écoulé: 14 hour(s), 42 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 31
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\kawther\Application Data\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\kawther\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\kawther\Application Data\FunWebProducts\Data\kawther (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rar.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\kawther\Application Data\FunWebProducts\Data\kawther\avatar.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\kawther\Application Data\FunWebProducts\Data\kawther\outfit.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\kawther\Application Data\FunWebProducts\Data\kawther\zbucks.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllhosts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
0
Réponse 3 / 16
kduc Messages postés 1537 Statut Membre 133
 
...

Clique droit sur ce lien pour installer ComboFix (par sUBs) :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Choisis "Enregistrer sous" (dans IE c'est "Enregistrer la cible/le lien sous..")
et sauvegarde-le (Enregistrer dans) sur le Bureau.

Important : dans "Nom du fichier" enregistre (renomme) "combofix" en combo-fix.exe

Prends connaissance de ce tutoriel : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Ferme toutes les fenêtres et applications.
Déconnecte-toi du net et désactive tes protections résidentes :
https://forum.pcastuces.com/default.asp

Sur le bureau, double clique combo-fix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
ComboFix redémarrera ton PC.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse et nouveau rapport hijackthis.

PS : Le rapport se trouve également ici : C:\Combofix.txt

Ne clique pas dans la fenêtre de Combofix durant l’analyse : cela pourrait provoquer le gel du programme !
0
Réponse 4 / 16
kawther84 Messages postés 348 Statut Membre 1
 
bonsoir,
voici les rapport,
ComboFix 09-11-18.01 - kawther 17/11/2009 20:48.1.1 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.216.1036.18.502.227 [GMT 1:00]
Running from: c:\documents and settings\kawther\Bureau\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\kawther\Mes documents\kawther\mastère2\pixtran\bin\Desktop_.ini
c:\documents and settings\kawther\Mes documents\kawther\mastère2\pixtran\Desktop_.ini
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2009-10-17 to 2009-11-17 )))))))))))))))))))))))))))))))
.

2009-11-16 06:58 . 2009-11-16 06:58 -------- d-----w- c:\documents and settings\kawther\Application Data\Bandoo
2009-11-15 22:46 . 2009-11-15 22:46 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-15 21:22 . 2009-11-15 21:23 -------- d-----w- c:\windows\ERUNT
2009-11-13 17:43 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-13 17:43 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-13 17:43 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-13 17:43 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-13 17:43 . 2009-11-13 17:43 -------- d-----w- c:\program files\Avira
2009-11-13 17:43 . 2009-11-13 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-07 15:43 . 2009-11-07 15:43 -------- d-----w- c:\program files\Harrap's Multimédia
2009-11-07 15:42 . 2009-11-07 15:42 -------- d-----w- c:\documents and settings\kawther\WINDOWS
2009-11-03 22:00 . 2009-11-13 06:42 -------- d-----w- c:\documents and settings\kawther\workspace
2009-11-03 19:56 . 2009-11-03 19:56 -------- d-----w- C:\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-17 19:25 . 2008-12-24 12:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-16 23:58 . 2008-12-24 20:17 -------- d-----w- c:\documents and settings\kawther\Application Data\Skype
2009-11-16 23:08 . 2008-12-26 07:19 -------- d-----w- c:\documents and settings\kawther\Application Data\skypePM
2009-11-16 06:56 . 2009-03-07 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Bandoo
2009-11-16 06:56 . 2009-03-07 18:59 -------- d-----w- c:\program files\Bandoo
2009-11-15 22:49 . 2009-02-03 20:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-13 07:07 . 2009-11-13 07:07 -------- d-----w- c:\program files\BORLAND
2009-11-12 10:50 . 2008-12-26 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-11 14:35 . 2008-12-24 11:02 91800 ----a-w- c:\documents and settings\kawther\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 06:59 . 2008-12-26 09:38 -------- d-----w- c:\program files\Microsoft Works
2009-11-01 17:55 . 2009-02-22 13:13 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-23 12:00 . 2008-12-24 20:16 -------- d-----w- c:\program files\Skype
2009-10-22 07:18 . 2008-12-24 12:52 -------- d-----w- c:\program files\DAP
2009-10-16 10:52 . 2001-09-28 12:00 81688 ----a-w- c:\windows\system32\perfc00C.dat
2009-10-16 10:52 . 2001-09-28 12:00 503502 ----a-w- c:\windows\system32\perfh00C.dat
2009-10-09 20:44 . 2009-10-09 20:33 17581552 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\rp\RealPlayerSPGold_fr.exe
2009-10-09 20:33 . 2009-10-09 20:33 8405312 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-10-09 20:26 . 2009-10-09 20:26 10309448 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\chr\ChromeInstaller.exe
2009-10-09 20:19 . 2009-10-09 20:19 64000 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\RUP\inst_config\gcapi_dll.dll
2009-10-09 20:19 . 2009-10-09 20:19 52288 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\RUP\inst_config\gtapi.dll
2009-10-09 20:19 . 2009-10-09 20:19 50688 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\RUP\inst_config\fftbapi.dll
2009-10-09 20:19 . 2009-10-09 20:19 114688 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\RUP\inst_config\compat.dll
2009-10-07 09:39 . 2009-10-07 08:49 -------- d-----w- c:\program files\Readiris Pro
2009-10-02 22:52 . 2009-10-02 22:52 -------- d-----w- c:\program files\Muslim Bag
2009-10-01 22:19 . 2009-10-01 22:19 435720 ----a-w- c:\documents and settings\kawther\Application Data\Real\Update\setup3.08\setup.exe
2009-09-30 15:48 . 2009-09-30 15:48 -------- d-----w- c:\program files\Microsoft
2009-09-24 18:53 . 2008-12-24 12:49 335 ----a-w- c:\windows\nsreg.dat
2009-09-24 18:53 . 2009-09-24 18:53 -------- d-----w- c:\program files\Dadzilla
2009-09-23 21:18 . 2009-09-23 21:17 -------- d-----w- c:\program files\Amaya
2009-09-23 08:30 . 2008-12-27 23:23 -------- d-----w- c:\program files\Athan
2009-09-22 11:11 . 2008-12-24 22:16 -------- d-----w- c:\program files\AlThkir
2009-09-11 14:34 . 2004-08-19 14:09 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-02-03 20:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-02-03 20:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 20:46 . 2004-08-19 14:09 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 23:57 . 2008-12-24 19:11 83456 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-08-29 07:56 . 2004-08-19 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:15 . 2004-08-19 14:09 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2009-10-21 15:41 1864128 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-10-21 2803200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-12-24 180269]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-05 688218]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-03-22 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-03-22 126976]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2009-05-28 1359872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-19 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\kawther\Menu D‚marrer\Programmes\D‚marrage\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-12-26 157000]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Ask Harrap's Shorter.lnk - c:\program files\Harrap's Multim‚dia\Shorter\bin\HiHarrapsTray.exe [2009-11-7 122880]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-24 1205840]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSIServer"=3 (0x3)
"Bandoo Coordinator"=2 (0x2)
"AGWinService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13/11/2009 18:43 108289]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [24/12/2008 09:49 69656]
S3 e4usbae;USB ADSL2 LAN Adapter;c:\windows\system32\drivers\e4usbae.sys [24/12/2008 09:49 89600]
S4 AGWinService;AG Windows Service;"c:\program files\AGI\common\win32\PythonService.exe" --> c:\program files\AGI\common\win32\PythonService.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-17 c:\windows\Tasks\User_Feed_Synchronization-{693784EC-04AA-44E3-9DD3-19005BF03A21}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - c:\program files\AGI\common\agcutils.dll
AddRemove-4Media MP4 to MP3 Converter - c:\documents and settings\kawther\Mes documents\sarra\MP4 to MP3 Converter 3\Uninstall.exe
AddRemove-Webshots Desktop_is1 - c:\program files\AGI\common\bootstrapper.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-17 21:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-17 22:09
ComboFix-quarantined-files.txt 2009-11-17 21:09

Pre-Run: 19 309 641 728 octets libres
Post-Run: 19 736 391 680 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - E369D8BCFC36C2B1448CAE83B6375FFC
**************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:09, on 17/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AutorunRemover.exe] C:\Program Files\AutorunRemover\AutorunRemover.exe -Hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\PROGRA~1\Bandoo\BndHook.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
kduc Messages postés 1537 Statut Membre 133
 
Salut,

Lance un scan Nod32 : https://www.eset.com/
(il faut utiliser Internet Explorer) …

Coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :

-> C:\Program Files\EsetOnlineScanner\log.txt <- le rapport

PS : désactive tes protections résidentes, notamment celle d' Antivir ...

https://forum.pcastuces.com/default.asp
0
Réponse 6 / 16
kawther84 Messages postés 348 Statut Membre 1
 
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=efb055b80a766742979da9a321540427
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-18 02:31:02
# local_time=2009-11-18 03:31:02 (+0100, Europe de l'Ouest)
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 24815927 24815927 0 0
# compatibility_mode=1797 16775141 100 100 196267 34942073 103462 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=262518
# found=4
# cleaned=4
# scan_time=6688
C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\7B\cours\mes leçon\chp4_Projet\projet\7B1\students works\oussema ben abd elali 7b1\oussema ben abd elali 7b1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\8B\mes leçons\chapitre 4\projet\8B2\asma mejri ameni khalfewi 8b2g1\asma mejri ameni khalfewi 8b2g1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\mes leçon\chp4_Projet\projet\7B1\students works\oussema ben abd elali 7b1\oussema ben abd elali 7b1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\8B\chapitre 4\projet\8B2\asma mejri ameni khalfewi 8b2g1\asma mejri ameni khalfewi 8b2g1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
0
Réponse 7 / 16
kduc Messages postés 1537 Statut Membre 133
 
Salut,

OK.

Télécharge Toolbar S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

Lance l'installation du programme en exécutant le fichier téléchargé.
Double-clique maintenant sur le raccourci de Toolbar-S&D.
Sélectionne la langue de ton choix puis, valide avec la touche "Entrée".
Ensuite, choisis l'option 1 (Recherche).
Patiente jusqu'à la fin de la recherche.

Referme le programme …

Puis, relance Toolbar-S&D en double-cliquant sur le raccourci.
Fais le choix 2, puis valide en appuyant sur Entrée.

Ne ferme pas la fenêtre lors de la suppression !

Un rapport est généré. Poste-le dans ta prochaine réponse.

PS : si ton bureau ne réapparaît pas, appuie simultanément sur
Ctrl/Alt/Suppr pour ouvrir le Gestionnaire de tâches.
Rends-toi sur l’ onglet "Processus" ; clique en haut, à gauche sur
"Fichier" et choisis "Exécuter..."
Tape explorer, puis valide.

---
Enfin, relance Malwarebytes pour un scan et poste le rapport.

---
0
Réponse 8 / 16
kawther84 Messages postés 348 Statut Membre 1
 
bonjour,

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.70GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : kawther ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:18 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 18/11/2009|14:30 )

-----------\\ SUPPRESSION

Supprime! - C:\WINDOWS\iun6002.exe

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(kawther) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(kawther) - {6a7400d6-6615-4a06-a4d1-48979fa6e868} => iminent-en

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 18/11/2009|14:01 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 18/11/2009|14:33 - Option : [2]

-----------\\ Fin du rapport a 14:33:21,85

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2775
Windows 5.1.2600 Service Pack 2

18/11/2009 19:20:40
mbam-log-2009-11-18 (19-20-40).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 395489
Temps écoulé: 4 hour(s), 11 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 9 / 16
kduc Messages postés 1537 Statut Membre 133
 
Salut,

OK.

Relance un scan Nod32 et poste le raport.
0
Réponse 10 / 16
kawther84 Messages postés 348 Statut Membre 1
 
salut
voilà le rapport:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=efb055b80a766742979da9a321540427
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-18 02:31:02
# local_time=2009-11-18 03:31:02 (+0100, Europe de l'Ouest)
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 24815927 24815927 0 0
# compatibility_mode=1797 16775141 100 100 196267 34942073 103462 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=262518
# found=4
# cleaned=4
# scan_time=6688
C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\7B\cours\mes leçon\chp4_Projet\projet\7B1\students works\oussema ben abd elali 7b1\oussema ben abd elali 7b1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2008_2009\8B\mes leçons\chapitre 4\projet\8B2\asma mejri ameni khalfewi 8b2g1\asma mejri ameni khalfewi 8b2g1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\7B\mes leçon\chp4_Projet\projet\7B1\students works\oussema ben abd elali 7b1\oussema ben abd elali 7b1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\Documents and Settings\kawther\Mes documents\kawther\ensiengnement\2009_2010\8B\chapitre 4\projet\8B2\asma mejri ameni khalfewi 8b2g1\asma mejri ameni khalfewi 8b2g1.exe Win32/Delf.NEX ver (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=efb055b80a766742979da9a321540427
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-19 11:02:13
# local_time=2009-11-19 12:02:13 (+0100, Europe de l'Ouest)
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 24930549 24930549 0 0
# compatibility_mode=1797 16775125 100 100 12584 35056695 44157 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=266912
# found=0
# cleaned=0
# scan_time=9098
0
Réponse 11 / 16
kduc Messages postés 1537 Statut Membre 133
 
Salut,

Fais cet autre scan en ligne :

http://www.bitdefender.fr/scan_fr/scan8/ie.html

Clique sur J' accepte > Démarrer l' analyse, etc ...

Une fois le scan achevé, sauvegarde le rapport et poste-le.

Tuto : https://forum.pcastuces.com/default.asp

PS : désactive les protections résidentes, notamment Antivir ...avant de lancer le scan ...

https://forum.pcastuces.com/default.asp
0
kawther84 Messages postés 348 Statut Membre 1
 
bonsoir;
le voilà le rapport, doslée pour le retard , j'étais malade.
BitDefender Online Scanner



Rapport d'analyse généré à: Sun, Nov 22, 2009 - 17:31:44





Voie d'analyse: C:\;D:\;







Statistiques

Temps
01:39:44

Fichiers
165337

Directoires
23157

Secteurs de boot
0

Archives
1933

Paquets programmes
16734




Résultats

Virus identifiés
0

Fichiers infectés
0

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
0




Info sur les moteurs

Définition virus
4579944

Version des moteurs
AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)

Analyse des plugins
17

Archive des plugins
44

Unpack des plugins
8

E-mail plugins
6

Système plugins
4




Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Excludez les extensions


Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui




Fichier analysé
Statut

Aucun virus trouvé.
0
Réponse 12 / 16
kduc Messages postés 1537 Statut Membre 133
 
Salut,

On peut considérer le PC comme désinfecté.
0
Réponse 13 / 16
kawther84 Messages postés 348 Statut Membre 1
 
infiniment merci Kduc
0
Réponse 14 / 16
kduc Messages postés 1537 Statut Membre 133
 
...

Télécharge ToolCeaner (par A.Rothstein et dj QUIOU) sur ton bureau :
http://pc-system.fr/

1. Clique sur Recherche et laisse le scan agir ...
2. Clique sur Suppression pour finaliser.
-> Tu peux, si tu le souhaites, te servir des "Options facultatives".
3. Clique sur Quitter pour obtenir le rapport.
4. Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

******
Marque le « statut comme résolu » …
https://www.commentcamarche.net/infos/25917-marquer-un-fil-de-discussion-comme-etant-resolu/

******
Quelques conseils ...
https://www.malekal.com/proteger-pc-virus-pirates/
et aussi ...
https://www.malekal.com/securiser-votre-navigateur-internet-explorer-2/
0
Réponse 15 / 16
kawther84 Messages postés 348 Statut Membre 1
 
bonsoir
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\kawther\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\kawther\Bureau\SDFIX: trouvé !
C:\Documents and Settings\kawther\Bureau\SDFix\catchme.exe: trouvé !
C:\Documents and Settings\kawther\Bureau\SDFix\backups\catchme.log: trouvé !
C:\Documents and Settings\kawther\Mes documents\My Completed Downloads\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\WINDOWS\mbr.exe: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\kawther\Bureau\ToolBarSD.exe: supprimé !
C:\Documents and Settings\kawther\Bureau\SDFix\catchme.exe: supprimé !
C:\Documents and Settings\kawther\Mes documents\My Completed Downloads\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\kawther\Bureau\SDFix\backups\catchme.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\WINDOWS\mbr.exe: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\kawther\Bureau\SDFIX: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Fichiers temporaires nettoyés !
c bon?
0
Réponse 16 / 16
kduc Messages postés 1537 Statut Membre 133
 
...

Ben oui ...
0