Internet virus ???
Solved
Anonymous user
-
crapoulou Posts 42844 Status Moderator, Security contributor -
Hello,
For the past 3 days, whenever I go on the internet, pop-ups appear on every site. Also, these pop-ups are always the same ones. Also, when I go to Google and run a search, for example "comment ça marche", I click on comment ça marche .net and then, ½ the time, it takes me to a random site. Also, when I look at my history, random sites that I don't know appear in it. I have scanned my whole computer several times (no virus detected) and removed a few programs, but nothing changes. I also set my antivirus to delete ZIP files but, once again, nothing changes.
Thanks
PS: I have Norton Security 2009 as my antivirus.
69 replies
Ad-Remover text:
.
======= LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 30.11.2009 at 22:59
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 17:56:44, 2009-12-01 | Normal Boot | Option: SCAN
Executed from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows Vista™ Ultimate Service Pack 1 v6.0.6001
Computer Name: *********** | Current user: *******
.
============== FOUND ELEMENT(S) ==============
.
C:\ProgramData\SweetIM
C:\ProgramData\Trymedia
C:\PROGRA~2\SweetIM
C:\Users\*******\AppData\LocalLow\SweetIM
C:\Program Files\SweetIM
C:\Windows\Installer\184cb8d5.msi
C:\Windows\Installer\184cb8da.msi
C:\Users\*******\AppData\Roaming\MICROS~1\Windows\Cookies\antoine@partypoker[1].txt
C:\Users\*******\AppData\Roaming\MICROS~1\Windows\Cookies\antoine@rotator.adjuggler[1].txt
C:\Users\*******\AppData\Roaming\MICROS~1\Windows\Cookies\antoine@www.partypoker[1].txt
C:\Users\*******\AppData\Roaming\MICROS~1\Windows\Cookies\antoine@www.sweetim[2].txt
.
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-137649548-3472937081-3695130450-1000\Software\Sweetim
HKCU\software\microsoft\internet explorer\searchscopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\software\SweetIM
HKLM\software\classes\installer\Products\4EEB31C8EC7E64E4DB31F814AD0DF0FE
HKLM\software\classes\installer\Products\652E78CE4A0B14A46828BA75FF1291D6
HKLM\software\classes\MediaPlayer.GraphicsUtils
HKLM\software\classes\MediaPlayer.GraphicsUtils.1
HKLM\software\classes\MgMediaPlayer.GifAnimator
HKLM\software\classes\MgMediaPlayer.GifAnimator.1
HKLM\software\classes\SWEETIE.IEToolbar
HKLM\software\classes\SWEETIE.IEToolbar.1
HKLM\software\classes\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKLM\software\classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKLM\software\classes\Toolbar3.SWEETIE
HKLM\software\classes\Toolbar3.SWEETIE.1
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\4EEB31C8EC7E64E4DB31F814AD0DF0FE
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\652E78CE4A0B14A46828BA75FF1291D6
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM
HKLM\software\microsoft\windows\currentversion\uninstall\{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}
HKLM\software\microsoft\windows\currentversion\uninstall\{EC87E256-B0A4-4A41-8682-AB57FF21196D}
HKLM\software\SweetIM
HKLM\software\Trymedia Systems
HKU\s-1-5-21-137649548-3472937081-3695130450-1000\software\SweetIM
.
============== Added scan ==============
.
.
* Internet Explorer Version 8.0.6001.18813 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Search Page: hxxp://www.google.com
Start Page: hxxp://www.google.com/webhp?hl=fr&tab=iw
Search Bar: hxxp://www.google.com/ie
Default_Search_URL: hxxp://www.google.com/ie
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://home.sweetim.com
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
===================================
.
11296 Byte(s) - C:\Ad-Report-SCAN[1].log
.
1094 File(s) - C:\Users\*******\AppData\Local\Temp
2 File(s) - C:\Windows\Temp
.
0 File(s) - C:\Program Files\Ad-Remover\BACKUP
0 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
End at: 18:13:14 | 2009-12-01 - SCAN[1]
.
============== E.O.F ==============
.
Perfect:
Removal with Ad-Remover:
/!\ Disconnect and close all running applications, and disable your antivirus for the duration of the procedure /!\
* Right-click the Ad-Remover icon on your desktop, then select "Run as administrator".
* At the main menu, choose option "L" and then press [Enter]
* Post the report that appears at the end.
(The report is also saved as C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
I'm going to bed, see you tomorrow.
Good night.
Ad-Remover text:
.
======= LOGFILE OF AD-REMOVER 1.1.4.6_D | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 02.12.2009 at 18:59
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 15:22:01, 2009-12-02 | Normal Boot | Option: CLEAN
Executed from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows Vista™ Ultimate Service Pack 1 v6.0.6001
Computer Name: *********** | Current user: *******
.
============== NEUTRALIZED ELEMENT(S) ==============
.
C:\ProgramData\SweetIM
C:\ProgramData\Trymedia
C:\Users\Antoine\AppData\LocalLow\SweetIM
C:\Program Files\SweetIM ... [b]NOT DELETED !![/b]
C:\Windows\Installer\184cb8d5.msi
C:\Windows\Installer\184cb8da.msi
C:\Users\Antoine\AppData\Roaming\MICROS~1\Windows\Cookies\antoine@partypoker[1].txt
C:\Users\Antoine\AppData\Roaming\MICROS~1\Windows\Cookies\antoine@rotator.adjuggler[1].txt
C:\Users\Antoine\AppData\Roaming\MICROS~1\Windows\Cookies\antoine@www.partypoker[1].txt
C:\Users\Antoine\AppData\Roaming\MICROS~1\Windows\Cookies\antoine@www.sweetim[2].txt
(!) -- Temp files deleted.
.
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-137649548-3472937081-3695130450-1000\Software\Sweetim
HKCU\software\microsoft\internet explorer\searchscopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\software\SweetIM
HKLM\software\classes\installer\Products\4EEB31C8EC7E64E4DB31F814AD0DF0FE
HKLM\software\classes\installer\Products\652E78CE4A0B14A46828BA75FF1291D6
HKLM\software\classes\MediaPlayer.GraphicsUtils
HKLM\software\classes\MediaPlayer.GraphicsUtils.1
HKLM\software\classes\MgMediaPlayer.GifAnimator
HKLM\software\classes\MgMediaPlayer.GifAnimator.1
HKLM\software\classes\SWEETIE.IEToolbar
HKLM\software\classes\SWEETIE.IEToolbar.1
HKLM\software\classes\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKLM\software\classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKLM\software\classes\Toolbar3.SWEETIE
HKLM\software\classes\Toolbar3.SWEETIE.1
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\4EEB31C8EC7E64E4DB31F814AD0DF0FE
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\652E78CE4A0B14A46828BA75FF1291D6
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM
HKLM\software\microsoft\windows\currentversion\uninstall\{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}
HKLM\software\microsoft\windows\currentversion\uninstall\{EC87E256-B0A4-4A41-8682-AB57FF21196D}
HKLM\software\SweetIM
HKLM\software\Trymedia Systems
.
============== Added scan ==============
.
.
* Internet Explorer Version 8.0.6001.18813 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
===================================
.
11438 Byte(s) - C:\Ad-Report-CLEAN[1].log
11616 Byte(s) - C:\Ad-Report-SCAN[1].log
.
8 File(s) - C:\Users\*******\AppData\Local\Temp
1 File(s) - C:\Windows\Temp
.
19 File(s) - C:\Program Files\Ad-Remover\BACKUP
145 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
End at: 15:37:21 | 2009-12-02 - CLEAN[1]
.
============== E.O.F ==============
.
.
Download Malwarebytes' Anti-Malware
= = = = >>> By clicking here <<< = = = =
- Save it to the desktop
- Double-click the downloaded file to start the installation process
- When you are asked to, update Malwarebytes' Anti-Malware
- If the firewall asks for permission for Malwarebytes to connect, accept
- Once the update is finished, close Malwarebytes
- Double-click the Malwarebytes icon to relaunch it
- In the "Recherche" (Scan) tab, probably open by default,
- Select "Exécuter un examen complet" (Perform a full scan)
- Click "Rechercher" (Scan)
- The scan starts
- At the end of the scan, a message is displayed: "L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés." (The scan completed normally. Click "Show results" to display all the objects found.)
- Click Ok to continue.
- If malware was detected, click "Afficher les résultats" (Show results)
- Select everything (or leave everything checked) and click "Supprimer la sélection" (Remove selected). Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
- Malwarebytes will open Notepad and copy the scan report into it.
- Go to the "rapport/log" (report/log) tab
- Click on it to display it.
- Once it is displayed, click "édition" (Edit) at the top of Notepad, then "sélectionner tout" (Select all)
- Click "édition" (Edit) again, then "copier" (Copy), and come back to the forum and into your reply
- Right-click in the reply box and choose "coller" (Paste)
If you need help, look at this tutorial HERE
Once again, thank you for helping me.
Malwarebytes is currently running a full scan of the system. Only at 46,000 items scanned so far.
See you soon
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3281
Windows 6.0.6001 Service Pack 1
2009-12-02 18:31:09
mbam-log-2009-12-02 (18-31-05).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 336584
Temps écoulé: 1 hour(s), 53 minute(s), 32 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe (Rogue.DesktopDefender) -> No action taken.
Module(s) mémoire infecté(s):
C:\Program Files\Desktop Defender 2010\hjengine.dll (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\mfc71.dll (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\msvcp71.dll (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\msvcr71.dll (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\pthreadVC2.dll (Rogue.DesktopDefender2010) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktop defender 2010 (Rogue.DesktopDefender2010) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdidis32.sys (Rogue.DesktopDefender) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys (Rogue.DesktopDefender) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010 (Rogue.DesktopDefender) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop defender 2010 (Rogue.DesktopDefender) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\dcomclsid (Rogue.DesktopDefender) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe) Good: (Explorer.exe) -> No action taken.
Dossier(s) infecté(s):
C:\Program Files\Desktop Defender 2010 (Rogue.DesktopDefender2010) -> No action taken.
Fichier(s) infecté(s):
C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe (Rogue.DesktopDefender) -> No action taken.
C:\Program Files\Desktop Defender 2010\daily.cvd (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\guide.chm (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\hjengine.dll (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\mfc71.dll (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\MFC71ENU.DLL (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\msvcp71.dll (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\msvcr71.dll (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\MyTaskMgrDll.dll (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\pthreadVC2.dll (Rogue.DesktopDefender2010) -> No action taken.
C:\Program Files\Desktop Defender 2010\uninstall.exe (Rogue.DesktopDefender2010) -> No action taken.
No action taken.
Delete what it found!
and post me the report after deletion (quarantined and deleted successfully.).
OK, but how?
Another report:
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3281
Windows 6.0.6001 Service Pack 1
2009-12-03 15:29:46
mbam-log-2009-12-03 (15-29-46).txt
Type de recherche: Examen rapide
Eléments examinés: 26149
Temps écoulé: 2 minute(s), 24 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop defender 2010 (Rogue.DesktopDefender) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe (Rogue.DesktopDefender) -> Quarantined and deleted successfully.
Also, yesterday, a Desktop Defender 2010 window appeared. A program that I had never downloaded. It "BUGGED" my computer. Since then, my MP3 player, which was plugged into my computer, no longer works. To recharge it, I have to plug it into my computer, but my computer does not detect it. Is it possible that the virus got into my MP3 player and, if so, how do I remove it?
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3281
Windows 6.0.6001 Service Pack 1
2009-12-03 15:55:53
mbam-log-2009-12-03 (15-55-53).txt
Type de recherche: Examen rapide
Eléments examinés: 97155
Temps écoulé: 7 minute(s), 40 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 10
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktop defender 2010 (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\tdidis32.sys (Rogue.DesktopDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Minimal\tdidis32.sys (Rogue.DesktopDefender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Desktop Defender 2010 (Rogue.DesktopDefender) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\registrymonitor1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\dcomclsid (Rogue.DesktopDefender) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Program Files\Desktop Defender 2010\Desktop Defender 2010.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\Desktop Defender 2010 (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\Desktop Defender 2010\daily.cvd (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Program Files\Desktop Defender 2010\guide.chm (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Program Files\Desktop Defender 2010\hjengine.dll (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Program Files\Desktop Defender 2010\mfc71.dll (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Program Files\Desktop Defender 2010\MFC71ENU.DLL (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Program Files\Desktop Defender 2010\msvcp71.dll (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Program Files\Desktop Defender 2010\msvcr71.dll (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Program Files\Desktop Defender 2010\MyTaskMgrDll.dll (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Program Files\Desktop Defender 2010\pthreadVC2.dll (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
C:\Program Files\Desktop Defender 2010\uninstall.exe (Rogue.DesktopDefender2010) -> Quarantined and deleted successfully.
After what MBAM (Malwarebytes' Anti-Malware) removed, you won't have this problem with Desktop Defender 2010 anymore.
We'll check that.
Please post a new RSIT report.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Antoine at 2009-12-03 18:01:20
Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
System drive C: has 43 GB (26%) free of 165 GB
Total RAM: 1022 MB (21% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:43, on 2009-12-03
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Programmes\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Antoine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Antoine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Z2SM2AS\RSIT[1].exe
C:\Program Files\trend micro\Antoine.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmes\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmes\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmes\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [L07FXLRD_1791889] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2007 - Études DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\Antoine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 1.1.4322; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.30618)" -"https://www.anglaisfacile.com/jeux-anglais.php"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2007.lnk = C:\Program Files\Larousse\Petit Larousse 2007\bin\Hyperappel.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Programmes\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Programmes\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
You can empty the MBAM quarantine.
********
Analyze these files:
C:\Windows\system32\lgejhgnuself9.exe
On the VirusTotal site:
https://www.virustotal.com/gui/
Browse > Select your file > Analyze, and wait until the scan is finished.
Be sure to post the reports, telling me with each report you send the name of the file concerned!
(If VirusTotal says the file has already been analyzed, click the "Re-analyze the file now" button.)
******
Is drive D your CD drive?
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.12.03 -
AhnLab-V3 5.0.0.2 2009.12.03 -
AntiVir 7.9.1.92 2009.12.03 HEUR/Crypted
Antiy-AVL 2.0.3.7 2009.12.03 -
Authentium 5.2.0.5 2009.12.02 -
Avast 4.8.1351.0 2009.12.03 -
AVG 8.5.0.426 2009.12.03 -
BitDefender 7.2 2009.12.04 -
CAT-QuickHeal 10.00 2009.12.03 -
ClamAV 0.94.1 2009.12.03 -
Comodo 3103 2009.12.01 -
DrWeb 5.0.0.12182 2009.12.03 -
eSafe 7.0.17.0 2009.12.03 -
eTrust-Vet 35.1.7156 2009.12.03 -
F-Prot 4.5.1.85 2009.12.03 -
F-Secure 9.0.15370.0 2009.12.03 -
Fortinet 4.0.14.0 2009.12.03 -
GData 19 2009.12.04 -
Ikarus T3.1.1.74.0 2009.12.03 -
Jiangmin 13.0.900 2009.12.02 -
K7AntiVirus 7.10.910 2009.12.03 -
Kaspersky 7.0.0.125 2009.12.04 Trojan-Downloader.Win32.Small.aohd
McAfee 5821 2009.12.03 -
McAfee+Artemis 5821 2009.12.03 Artemis!8054B88F3D81
McAfee-GW-Edition 6.8.5 2009.12.04 Heuristic.Crypted
Microsoft 1.5302 2009.12.03 -
NOD32 4659 2009.12.04 -
Norman 6.03.02 2009.12.03 -
nProtect 2009.1.8.0 2009.12.03 -
Panda 10.0.2.2 2009.12.03 -
PCTools 7.0.3.5 2009.12.04 -
Prevx 3.0 2009.12.04 Medium Risk Malware
Rising 22.24.03.06 2009.12.03 -
Sophos 4.48.0 2009.12.04 Sus/UnkPack-C
Sunbelt 3.2.1858.2 2009.12.04 -
Symantec 1.4.4.12 2009.12.04 -
TheHacker 6.5.0.2.084 2009.12.03 -
TrendMicro 9.100.0.1001 2009.12.03 -
VBA32 3.12.12.0 2009.12.03 Worm.Win32.AutoRun.oik
ViRobot 2009.12.3.2070 2009.12.03 -
VirusBuster 5.0.21.0 2009.12.03 -
Information additionnelle
File size: 156160 bytes
MD5...: 8054b88f3d8111044f4014b86ab8a6b4
SHA1..: b4bc159ae8c295fb0d345615b4ebb1271585047c
SHA256: b37613c8c76b7272b56d6d8cb68e60e4a8fc7b052c326b1b9c830d85c73b27ee
ssdeep: 3072:Wf0yVp+WXrauoNt24BFHSSy8jN7D/leLyQ7:qXrYtrj93Q7
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xc3d0
timedatestamp.....: 0x43dc4b80 (Sun Jan 29 04:58:40 2006)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd5c6 0xd600 5.73 0a4c469bc2212852d9a1f77ab087d36a
.data 0xf000 0xbcf 0xc00 0.00 d2a70550489de356a2cd6bfc40711204
.rdata 0x10000 0xe669 0x7a00 7.80 2eb8193fe69ac62d6475e15562bc70d5
.bss 0x1f000 0xe070 0x7400 7.96 bd88e63afb98fff3683781297ad0d8b3
.idata 0x2e000 0xe665 0x7a00 7.95 74a20255288a7679e468d235ed945aef
.rsrc 0x3d000 0x1390 0x1400 3.31 304c601896d25d4b2dc90f5765fd5ce6
( 7 imports )
> ADVAPI32.DLL: RegEnumValueA, LookupPrivilegeValueA, GetSecurityDescriptorControl, EnumServicesStatusExA, RegDeleteKeyW, RegQueryValueW, GetTokenInformation, RegCloseKey, InitializeSecurityDescriptor, RegQueryValueExW, RegQueryValueExA, RegDeleteValueW, RegEnumKeyExW, RegCreateKeyExW, ChangeServiceConfig2A, RegCreateKeyW
> GDI32.DLL: CreateSolidBrush, GetClipRgn, RealizePalette, OffsetViewportOrgEx, CreateRoundRectRgn, StretchBlt, RectVisible, GetEnhMetaFileHeader, Polyline, SetTextColor, CreateCompatibleBitmap, GetViewportExtEx, CreateRectRgn, GetTextAlign, SetLayout, SetICMMode, DeleteObject, ExtFloodFill
> KERNEL32.DLL: GlobalReAlloc, VirtualAlloc, SystemTimeToFileTime, lstrcmpiW, GetVersion, GlobalHandle, FreeLibrary, CloseHandle, SearchPathA, CreateDirectoryW, HeapAlloc, SetCurrentDirectoryA, QueryPerformanceCounter, GetCurrentProcessId, GetACP, FindResourceExW, ExitProcess, GetModuleHandleW, GetTickCount, HeapDestroy, GetLastError, GetFileTime, GetFileSize, FindResourceW, VirtualFree, GetTempPathW, GetModuleFileNameW, GetModuleHandleA, GetThreadTimes
> NTDLL.DLL: NtQueryInformationProcess, RtlFreeHeap, RtlGetNtProductType, RtlCreateSecurityDescriptor, RtlFreeUnicodeString, RtlAppendUnicodeStringToString, NtClose, NtQueryVolumeInformationFile, NtFsControlFile, RtlCopySid, RtlAllocateAndInitializeSid
> USER32.DLL: RegisterClassW, EndDialog, SendMessageW, GetParent, DefWindowProcA, GetDlgItemTextA, MoveWindow, TranslateMessage, SetDlgItemTextW, PostQuitMessage, GetWindowTextW, CharLowerW, UnhookWindowsHookEx, PtInRect, EnableWindow, CheckDlgButton, MessageBoxW, GetSystemMenu, RegisterClassExW, GetWindow
> msvcrt.dll: ctime, _tzset, wcsncat, swscanf, _makepath, _mbsnbcpy, _ltow, wcschr, __p__fmode, _itow, _wtol, wcstok, iswalpha, _lock, memcpy, __CxxFrameHandler, _strnicmp
> version.dll: GetFileVersionInfoSizeA, GetFileVersionInfoSizeW, GetFileVersionInfoA, GetFileVersionInfoW, VerQueryValueA
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (38.5%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=52E3F475003D34B0624A02C2D3CF6A001CB939B7
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
Very good, go to this address:
http://uploads.malwarebytes.org/
And upload this file:
C:\Windows\system32\lgejhgnuself9.exe
********
Once that is done, delete this file manually.
********
Relaunch HijackThis by right-clicking it and choosing 'Run as administrator'.
It is located here:
C:\Program Files\trend micro\Antoine.exe
Click "Do a system scan only".
Tick these lines:
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Then click "Fix checked".
Close HijackThis.
*********
Generate a new RSIT report and tell me how the PC is doing!
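The HijackThis entries listed in the post above all follow a `code - detail` layout. As an added example (not part of the original post and not HijackThis's own code), this Python parser splits those lines into fields and marks the ones whose line shows no usable file target; the regular expressions and the `unresolved` flag are assumptions derived only from the lines shown.

```python
import re

# HijackThis lines copied from the post above (the entries the helper asks to tick).
LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"""

# Assumed patterns, built from the three entry shapes visible in the log above.
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_KEY = re.compile(r"^(?P<where>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
SHORTCUT = re.compile(r"^(?P<where>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<target>.+)$")
CLSID = re.compile(r"^(?P<where>[\w ]+): (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")


def parse_line(line):
    """Split one HijackThis line into code, location, name and target."""
    m = LINE.match(line.strip())
    if not m:
        return None
    entry = {"code": m["code"], "where": None, "name": None, "target": None}
    for pattern in (RUN_KEY, SHORTCUT, CLSID):
        hit = pattern.match(m["body"])
        if hit:
            entry.update(hit.groupdict())
            break
    else:
        entry["name"] = m["body"]  # free-form entry such as the R3 line
    # "unresolved": the log line itself carries no usable file target.
    entry["unresolved"] = entry["target"] in (None, "?", "(no file)")
    return entry


def parse_log(text):
    """Parse every recognisable line of a pasted HijackThis log."""
    return [e for e in map(parse_line, text.splitlines()) if e]


if __name__ == "__main__":
    for e in parse_log(LOG):
        print(e["code"], "UNRESOLVED" if e["unresolved"] else "ok", e["name"], "->", e["target"])
```

An `unresolved` flag only says that the log line names no file; it is not a verdict on whether the entry is malicious.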