Virus, Trojan or Spyware

Solved
danielle -  
kalimusic Posts: 14619 Status: Security contributor -
Hello,

I have tried all the programs to make my problem go away, but without success.

Ad pages open, I'm looking at things without being on a site, and music plays by itself lolllllllll. I'm a bit fed up, could you help me please?



124 replies

danielle
 
it won't upload to the link
0
danielle
 
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 12:22 on 05/07/2010 by Administrateur (Administrator - Elevation successful)

========== Dir ==========

C:\Program Files\QuickTime - Parameters: "(none)"

---Files---
PictureViewer.exe --a--- 548864 bytes [21:18 26/05/2009] [21:18 26/05/2009]
QTInfo.exe --a--- 782336 bytes [21:18 26/05/2009] [21:18 26/05/2009]
QTOControl.dll --a--- 880640 bytes [21:18 26/05/2009] [21:18 26/05/2009]
QTOLibrary.dll --a--- 806912 bytes [21:18 26/05/2009] [21:18 26/05/2009]
QTPlugin.ocx --a--- 779568 bytes [21:18 26/05/2009] [21:18 26/05/2009]
qttask .exe --a--- 413696 bytes [21:18 26/05/2009] [21:18 26/05/2009]
QTUIPanelControl.dll --a--- 352256 bytes [21:18 26/05/2009] [21:18 26/05/2009]
QuickTime Read Me.htm --a--- 10646 bytes [21:18 26/05/2009] [21:18 26/05/2009]
QuickTimePlayer.exe --a--- 7697712 bytes [21:18 26/05/2009] [21:18 26/05/2009]
Sample.mov --a--- 55622 bytes [21:18 26/05/2009] [21:18 26/05/2009]
Sample.qtif --a--- 18663 bytes [21:18 26/05/2009] [21:18 26/05/2009]

---Folders---
PictureViewer.Resources d----- [00:32 21/06/2009]
Plugins d----- [00:33 21/06/2009]
PropertyPanels d----- [00:32 21/06/2009]
QTComponents d----- [00:32 21/06/2009]
QTSystem d----- [00:32 21/06/2009]
QuickTimePlayer.Resources d----- [00:32 21/06/2009]

-=End Of File=-
0
danielle
 
http://www.cijoint.fr/cjlink.php?file=cj201007/cijOoAF9wz.txt
0
kalimusic Posts: 14619 Status: Security contributor 3 027
 
danielle,

You had already given me the SystemLook report, and for List_Kill'em you didn't choose the right option: you need to click the Search button (you clicked More informations).
Take a breath and let's go ;)
See you
0

danielle
 
I don't understand, I did Search
0
danielle
 
I always do Search, it's the first one, More is at the end
0
danielle
 
In any case, if it hasn't finished scanning, because it's long, I'll pick it up again when I get back from work tonight at 8 pm
0
kalimusic Posts: 14619 Status: Security contributor 3 027
 
Hi again,

I believe you, but that's the report you get when choosing the More informations option, so it's not that :)
OK, our messages crossed; yes, the scan can be long.
8 pm where you are, what time is that in France?
See you
"Reason and logic are powerless against stubbornness and foolishness."
0
danielle
 
Well, as I told you, the text file does open, but if I close it I can't find it anywhere, so that's why I can't send it to you. So I'm sending it here bit by bit, there's no other way.
0
danielle
 
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.0.1.6 ¤¤¤¤¤¤¤¤¤¤

User : Administrateur (Administrateurs)
Update on 05/07/2010 by g3n-h@ckm@n ::::: 13.00
Start at: 14:28:07 | 2010-07-05

Processor Intel Pentium III Xeon
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : avast! Antivirus 5.0.83886674 [ Enabled | Updated ]

A:\ -> 3½-inch floppy drive
C:\ -> Local fixed disk | 465.75 GB (183.02 GB free) | NTFS
D:\ -> CD-ROM drive
F:\ -> CD-ROM drive

Boot: Normal

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ------- Memory(Ko)

C:\WINDOWS\System32\smss.exe----412 Ko
C:\WINDOWS\system32\csrss.exe----4368 Ko
C:\WINDOWS\system32\winlogon.exe----4572 Ko
C:\WINDOWS\system32\services.exe----5244 Ko
C:\WINDOWS\system32\lsass.exe----1524 Ko
C:\WINDOWS\system32\svchost.exe----4784 Ko
C:\WINDOWS\system32\svchost.exe----4660 Ko
C:\WINDOWS\System32\svchost.exe----22300 Ko
C:\WINDOWS\system32\svchost.exe----3340 Ko
C:\WINDOWS\system32\svchost.exe----4328 Ko
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe----28900 Ko
C:\WINDOWS\system32\igfxtray.exe----3248 Ko
C:\WINDOWS\system32\igfxpers.exe----2944 Ko
C:\WINDOWS\RTHDCPL.EXE----21804 Ko
C:\Program Files\Alwil Software\Avast5\avastUI.exe----4112 Ko
C:\WINDOWS\system32\hkcmd.exe----3220 Ko
C:\Documents and Settings\NetworkService\Local Settings\Application Data\nschkibnl\mpouhhatssd.exe----7076 Ko
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe----10484 Ko
C:\WINDOWS\system32\igfxsrvc.exe----3316 Ko
C:\WINDOWS\system32\LEXBCES.EXE----2232 Ko
C:\WINDOWS\system32\spoolsv.exe----5832 Ko
C:\WINDOWS\system32\LEXPPS.EXE----3240 Ko
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe----2760 Ko
C:\Program Files\Bonjour\mDNSResponder.exe----3508 Ko
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe----5012 Ko
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe----2432 Ko
C:\WINDOWS\system32\svchost.exe----6552 Ko
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe----5064 Ko
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe----2728 Ko
C:\WINDOWS\System32\svchost.exe----2904 Ko
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe----2832 Ko
C:\WINDOWS\System32\svchost.exe----2876 Ko
C:\Program Files\CyberLink\Shared Files\RichVideo.exe----2880 Ko
C:\WINDOWS\system32\svchost.exe----4512 Ko
C:\WINDOWS\System32\alg.exe----3492 Ko
C:\WINDOWS\system32\wscntfy.exe----2204 Ko
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe----7824 Ko
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe----3684 Ko
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe----6444 Ko
C:\Program Files\Mozilla Firefox\firefox.exe----148480 Ko
C:\Program Files\Mozilla Firefox\plugin-container.exe----26152 Ko
C:\WINDOWS\explorer.exe----29316 Ko
C:\Program Files\List_Kill'em\List_Kill'em.exe----4120 Ko
C:\WINDOWS\system32\cmd.exe----2712 Ko
C:\WINDOWS\system32\wbem\wmiprvse.exe----6472 Ko
C:\Program Files\List_Kill'em\pv.exe----2884 Ko

============
Keys "Run"
============

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Njosocohuvi REG_SZ rundll32.exe "C:\WINDOWS\kbasapi.dll",Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
GEST REG_SZ m'|\ü
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
RTHDCPL REG_SZ RTHDCPL.EXE
Alcmtr REG_SZ ALCMTR.EXE
ISUSPM Startup REG_SZ C:\PROGRA~1\FICHIE~1\InstallShield\UpdateService\ISUSPM.exe -startup
<NO NAME> REG_SZ
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask .exe" -atboottime
avast5 REG_SZ "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Ixeliloxegiri REG_SZ rundll32.exe "C:\WINDOWS\elokecikotadoq.dll",Startup
aevfrjqa REG_SZ C:\Documents and Settings\NetworkService\Local Settings\Application Data\nschkibnl\mpouhhatssd.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
0
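The "Keys Run" section above is where the helper's attention goes first: two values run rundll32 against randomly named DLLs sitting directly in C:\WINDOWS (not system32), one value starts an executable out of the NetworkService profile (the same mpouhhatssd.exe that shows up in the process list), the GEST value is garbled bytes rather than a command line, and the QuickTime entry points at "qttask .exe" with a space before the extension, which the SystemLook listing earlier in the thread confirms exists as a separate file next to the real QuickTime binaries. The following Python script is an added example, not part of the thread or of List_Kill'em: it applies those four checks to a constructed excerpt of the log (LOG, mirroring the entries posted above). The heuristics and their wording are the example's own, not anything the tool reports.

```python
"""Triage the "Keys Run" section of a List'em report.

Added example, not part of the original thread or of List_Kill'em. LOG is a
constructed excerpt mirroring the entries posted in the thread; the four
heuristics and their wording are this example's own, not the tool's output.
"""
import re

LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Njosocohuvi REG_SZ rundll32.exe "C:\WINDOWS\kbasapi.dll",Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
GEST REG_SZ m'|\ü
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask .exe" -atboottime
avast5 REG_SZ "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
Ixeliloxegiri REG_SZ rundll32.exe "C:\WINDOWS\elokecikotadoq.dll",Startup
aevfrjqa REG_SZ C:\Documents and Settings\NetworkService\Local Settings\Application Data\nschkibnl\mpouhhatssd.exe
"""

ENTRY = re.compile(r"^(?P<name>.+?) REG_SZ\s*(?P<value>.*)$")
SERVICE_PROFILES = ("\\networkservice\\", "\\localservice\\")
# A DLL sitting directly in %WINDIR% (not in system32) is unusual for rundll32 autoruns.
WINDIR_ROOT_DLL = re.compile(r"^c:\\windows\\[^\\]+\.dll$")


def image_path(value: str) -> str:
    """The file an entry actually launches: the quoted path if there is one
    (for rundll32 that is the DLL), otherwise the first token."""
    m = re.search(r'"([^"]+)"', value)
    if m:
        return m.group(1)
    return value.split(" ", 1)[0] if value else ""


def suspicious_reasons(value: str) -> list:
    """Heuristic checks on one Run value; an empty list means nothing flagged."""
    reasons = []
    v = value.lower()
    p = image_path(value).lower()
    if not value.isascii() or any(ord(c) < 32 for c in value):
        reasons.append("command line contains non-printable or non-ASCII bytes")
    if v.startswith("rundll32") and WINDIR_ROOT_DLL.match(p):
        reasons.append("rundll32 loads a DLL placed directly in the Windows directory")
    if any(s in v for s in SERVICE_PROFILES):
        reasons.append("program lives under a service account's profile")
    if re.search(r"\s\.(exe|dll|ocx)$", p):
        reasons.append("space before the extension (look-alike of a legitimate file name)")
    return reasons


def triage(log_text: str) -> list:
    """Return one finding per suspicious entry: key, value name, command, reasons."""
    findings = []
    key = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = ENTRY.match(line)
        if m is None or key is None:
            continue
        reasons = suspicious_reasons(m["value"])
        if reasons:
            findings.append({"key": key, "name": m["name"],
                             "value": m["value"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(LOG):
        print(f"{f['key']}\n  {f['name']} = {f['value']}")
        for r in f["reasons"]:
            print(f"    -> {r}")
```

Run it against a full List'em report by passing the file's text to triage(); the three legitimate entries in the excerpt (Messenger, the Intel tray, avast) come back clean and the five others are flagged with the reason a helper would give in words.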
danielle
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe REG_SZ C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD
C:\Program Files\mIRC\mirc.exe REG_SZ C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll REG_SZ C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe REG_SZ C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe REG_SZ C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
C:\Program Files\Skype\Plugin Manager\skypePM.exe REG_SZ C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\WINDOWS\explorer.exe REG_SZ C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

===============
ActiveX controls
===============

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2D467352-8D8B-6B30-E465-96AFA54024B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3F7924B9-D148-3141-87B1-68F36043A940}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{819F1B88-B2D0-5A56-9481-4A545366CEBF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EE8A40-0F95-1E48-98B2-8E51ECA98693}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

=====
BHO :
=====
0
danielle
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE7CD045-E861-484f-8273-0445EE161910}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

===
DNS
===

DNS Server Search Order: 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A6D10E81-EDEA-4048-9548-2A33730883FE}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A6D10E81-EDEA-4048-9548-2A33730883FE}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189

================
Internet Explorer :
================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Default_Search_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
Search Page REG_SZ

========
Services
========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

========
Safemode
========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

=========
Atapi.sys
=========

C:\WINDOWS\system32\drivers\atapi.sys :
[MD5.cdfe4411a69c224bd1d11b2da92dac51]
[SHA256.0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d]

Reference :
==========

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
0
danielle
 
Drive :
=======

Windows Disk Defragmenter
Copyright (c) 2001 Microsoft Corp. and Executive Software International Inc.

Analysis report
466 GB total, 183 GB free (39%), 8% fragmented (file fragmentation 16%)

You do not need to defragment this volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files\DAEMON Tools Toolbar
Present !! : C:\WINDOWS\system32\AbaleZip.dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\system32\MSWINSCK.OCX
Present !! : C:\WINDOWS\System32\service
Present !! : C:\WINDOWS\Temp\fla1B.tmp
Present !! : C:\WINDOWS\Temp\fla25.tmp
Present !! : C:\WINDOWS\Temp\fla2E.tmp
Present !! : C:\WINDOWS\Temp\fla3A.tmp
Present !! : C:\WINDOWS\Temp\flaD.tmp
Present !! : C:\WINDOWS\Temp\flaEA.tmp
Present !! : C:\WINDOWS\Temp\flaF2.tmp
Present !! : C:\WINDOWS\Temp\flaFE.tmp
Present !! : C:\WINDOWS\Temp\flaFF.tmp
Present !! : C:\WINDOWS\Temp\jar_cache8265768740713473826.tmp
Present !! : C:\WINDOWS\UA000106.dll
Present !! : C:\Documents and Settings\Administrateur\Application data\inst.exe
Present !! : C:\Documents and Settings\Administrateur\Application Data\pcouffin.inf
Present !! : C:\Documents and Settings\Administrateur\Application Data\pcouffin.log
Present !! : C:\Documents and Settings\Administrateur\Application Data\inst.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCU\SOFTWARE\avsoft
Present !! : HKCU\Software\avsuite
Present !! : HKCU\Software\Conduit
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Present !! : HKLM\SOFTWARE\avsoft
Present !! : HKLM\SOFTWARE\avsuite

FEATURE_BROWSER_EMULATION | svchost :
====================================

Present !! : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION : svchost.exe
Present !! : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION : svchost.exe
Present !! : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION : svchost.exe
Present !! : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION : svchost.exe

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 15:03:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89B22EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x89dd41f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled REG_DWORD 1 (0x1)
AntiVirusOverride REG_DWORD 0 (0x0)
FirewallOverride REG_DWORD 0 (0x0)
FirewallDisableNotify REG_DWORD 0 (0x0)
UpdatesDisableNotify REG_DWORD 0 (0x0)
AntiVirusDisableNotify REG_DWORD 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 15:03:38,18
0
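Two parts of the reports above belong together: the atapi.sys section computes the on-disk hash of the driver and matches it against a per-build reference table (here it matches the Windows XP SP2 value exactly), and the GMER MBR detector nonetheless reports a hook on \Driver\atapi and a possible MBR rootkit. The point a practitioner should take away is that a clean hash on disk rules out a patched file but says nothing about what the driver looks like in memory; when the file is clean and the driver is still hooked, the code doing the hooking is loading before Windows, which is why the detector points at the MBR and fixmbr. The Python script below is an added example, not part of the thread, of List_Kill'em or of GMER. REFERENCE copies the MD5 table printed in the report; expected_label() (which derives the table's label from the OS banner, ignoring edition rows such as Ultimate) and verdict() are the example's own logic; the bytes hashed in main() are constructed and are not a real driver. MD5 is kept only because the reference table is in MD5; record SHA-256 alongside it, as the report itself does.

```python
"""Check a driver's on-disk hash against a reference table and weigh the
result against a driver-hook scan.

Added example, not part of the original thread, of List_Kill'em or of GMER.
REFERENCE copies the atapi.sys MD5 table from the List'em report above;
expected_label() and verdict() are this example's own logic. The sample
bytes hashed in main() are constructed and are not a real atapi.sys.
"""
import hashlib
import re
from pathlib import Path

# MD5 of atapi.sys per Windows build, as listed in the report (lower-cased).
REFERENCE = {
    "Win 2000_SP2": "ff953a8f08ca3f822127654375786bbe",
    "Win 2000_SP4": "8c718aa8c77041b3285d55a0ce980867",
    "Win XP_32b": "a64013e98426e1877cb653685c5c0009",
    "Win XP_SP1_32b": "95b858761a00e1d4f81f79a0da019aca",
    "Win XP_SP2_32b": "cdfe4411a69c224bd1d11b2da92dac51",
    "Win XP_SP3_32b": "9f3a2f5aa6875c72bf062c712cfa2674",
    "Vista_32b": "e03e8c99d15d0381e02743c36afc7c6f",
    "Vista_SP1_32b": "2d9c903dc76a66813d350a562de40ed9",
    "Vista_SP2_32b": "1f05b78ab91c9075565a9d8a4b880bc4",
    "Vista_SP2_64b": "1898fae8e07d97f2f6c2d5326c633fac",
    "Windows 7_32b": "80c40f7fdfc376e4c5feec28b41c119e",
    "Windows 7_64b": "02062c0b390b7729edc9e69c680a6f3c",
    "Windows 7_32b_Ultimate": "338c86357871c167a96ab976519bf59e",
}
MD5_TO_LABEL = {h: label for label, h in REFERENCE.items()}


def hash_bytes(data: bytes) -> dict:
    """MD5 (what the reference table uses) and SHA-256 (what you should record)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def hash_file(path) -> dict:
    return hash_bytes(Path(path).read_bytes())


def lookup_reference(md5_hex: str):
    """Which known build this MD5 belongs to, or None if no row matches."""
    return MD5_TO_LABEL.get(md5_hex.lower())


def expected_label(banner: str):
    """Derive the reference label from a List'em OS banner such as
    'Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2'.
    Editions (e.g. Ultimate) are not distinguished."""
    os_m = re.search(r"Windows (XP|Vista|7)", banner)
    bits_m = re.search(r"(\d+)-bit", banner)
    sp_m = re.search(r"Service Pack (\d)", banner)
    if not (os_m and bits_m):
        return None
    sp = f"_SP{sp_m.group(1)}" if sp_m else ""
    bits = f"_{bits_m.group(1)}b"
    return {"XP": f"Win XP{sp}{bits}", "Vista": f"Vista{sp}{bits}",
            "7": f"Windows 7{bits}"}[os_m.group(1)]


def verdict(md5_hex: str, expected: str, driver_hooked: bool) -> str:
    """Combine the on-disk check with the in-memory scan result.

    Returns one of: unknown_build, wrong_build, hooked_driver, clean.
    """
    found = lookup_reference(md5_hex)
    if found is None:
        return "unknown_build"   # patched or replaced file: restore a clean copy
    if found != expected:
        return "wrong_build"     # file from another service pack: investigate
    if driver_hooked:
        return "hooked_driver"   # clean on disk, hooked in memory: loads before the OS (MBR)
    return "clean"


if __name__ == "__main__":
    banner = "Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2"
    expected = expected_label(banner)
    # Values from the report above: hash matched SP2, yet GMER found a hook on \Driver\atapi.
    on_disk_md5 = "cdfe4411a69c224bd1d11b2da92dac51"
    print(expected, lookup_reference(on_disk_md5),
          verdict(on_disk_md5, expected, driver_hooked=True))
    print(hash_bytes(b"not a real atapi.sys"))  # constructed sample, not a driver
    driver = Path(r"C:\WINDOWS\system32\drivers\atapi.sys")
    if driver.exists():
        print(hash_file(driver))
```

On the machine in this thread the script prints "hooked_driver": the on-disk file is the genuine SP2 build, so replacing atapi.sys would achieve nothing, and the next step is the MBR restore that the helper prescribes, followed by a rescan to confirm the hook is gone.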
danielle
 
I finally found the file, it had put it in C:

http://www.cijoint.fr/cjlink.php?file=cj201007/cijqOmofWI.txt

OK, see you later, I have to go
0
kalimusic Posts: 14619 Status: Security contributor 3 027
 
danielle,

Indeed, serious and stubborn infections, including one lodged in the hard disk's boot sector (MBR - Master Boot Record), whose purpose is generally to steal login credentials, passwords, etc.
If you have a question about the steps that follow, don't hesitate to ask rather than carrying out a step incorrectly.

1. Uninstall QuickTime (a file belonging to this program has been infected/modified; if you use this software, you will have to reinstall it after the disinfection)

2. Relaunch List_Kill'em using the white shortcut created on your desktop.

* Choose the Restore MBR option
* Wait while the tool works
* When the scan is finished, a report will be created
* Copy/paste the report into your next message

3. Relaunch List_Kill'em using the white shortcut created on your desktop.

* Choose the Clean option
* A dialog box tells you that the PC is going to restart
* Wait while the tool works; it can take several minutes
* When the scan is finished, the window closes and a report will be created
* Host the report on http://www.cijoint.fr

4. Relaunch OTL

* The main interface opens:
* In the bottom section "Personnalisation" (custom fixes), copy/paste the list contained in this notepad file: http://www.cijoint.fr/cj201007/cij1fPqGDz.txt
* Click the "Correction" (run fix) button, wait while the tool works; at the end it will restart the PC.
* After the restart, the report listing the actions performed by OTL should open on its own
* Copy/paste it into your next message

You can find the file again at the root of the drive: C:\_OTL\MovedFiles (check the date if needed: ddmmyyyy_xxxxxxxx.log)

See you
0
danielle
 
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
0
danielle
 
http://www.cijoint.fr/cjlink.php?file=cj201007/cijjQgM5uO.txt
0
danielle
 
All processes killed
========== OTL ==========
Unable to delete ADS C:\Documents and Settings\Administrateur\Mes documents\Shareaza Downloads:Shareaza.GUID .
========== FILES ==========
C:\Documents and Settings\NetworkService\Local Settings\Application Data\nschkibnl folder moved successfully.
File\Folder C:\WINDOWS\kbasapi.dll not found.
File\Folder C:\WINDOWS\elokecikotadoq.dll not found.
C:\Documents and Settings\Administrateur\Y;Y; moved successfully.
C:\Program Files\QuickTime\QTComponents folder moved successfully.
C:\Program Files\QuickTime folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Njosocohuvi deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Ixeliloxegiri deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\aevfrjqa deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 1685576 bytes
->Temporary Internet Files folder emptied: 65938 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39809613 bytes
->Flash cache emptied: 3287 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4170801 bytes
->Java cache emptied: 13 bytes
->Flash cache emptied: 2083 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 386309 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 51117488 bytes

Total Files Cleaned = 93,00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07052010_220108

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
0
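Reading an OTL fix log is a verification step, not a formality: "moved successfully" and "deleted successfully" are confirmed removals, but "not found" only means OTL could not locate the item at fix time, and "Unable to delete" means it is still there. In the log above the two Run values pointing at kbasapi.dll and elokecikotadoq.dll were deleted, yet both DLLs came back "not found", so removal of those payloads is unconfirmed (either already gone, or not visible to the tool), and an alternate data stream could not be deleted at all. The Python script below is an added example, not part of the thread or of OTL: it parses a constructed excerpt of the log above (OTL_LOG) into confirmed removals, not-found items and failures, and lists what still needs a rescan. The status categories are the example's own.

```python
"""Reconcile an OTL fix log: what was confirmed removed, what was never
found, and what could not be deleted.

Added example, not part of the original thread or of OTL. OTL_LOG is a
constructed excerpt mirroring the FILES and REGISTRY sections of the
report above; the status categories are this example's own.
"""
import re

OTL_LOG = r"""
========== OTL ==========
Unable to delete ADS C:\Documents and Settings\Administrateur\Mes documents\Shareaza Downloads:Shareaza.GUID .
========== FILES ==========
C:\Documents and Settings\NetworkService\Local Settings\Application Data\nschkibnl folder moved successfully.
File\Folder C:\WINDOWS\kbasapi.dll not found.
File\Folder C:\WINDOWS\elokecikotadoq.dll not found.
C:\Program Files\QuickTime folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Njosocohuvi deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Ixeliloxegiri deleted successfully.
"""

# (status, pattern) pairs tried in order; the first match wins.
PATTERNS = [
    ("failed",    re.compile(r"^Unable to delete ADS (?P<item>.+?) ?\.$")),
    ("removed",   re.compile(r"^(?P<item>.+?) (?:folder )?moved successfully\.$")),
    ("not_found", re.compile(r"^File\\Folder (?P<item>.+) not found\.$")),
    ("removed",   re.compile(r"^Registry value (?P<item>.+) deleted successfully\.$")),
    ("not_found", re.compile(r"^Registry value (?P<item>.+) not found\.$")),
]


def parse_otl_log(text: str) -> dict:
    """Bucket every recognised result line by outcome; headers are skipped."""
    result = {"removed": [], "not_found": [], "failed": []}
    for line in text.splitlines():
        line = line.strip()
        for status, rx in PATTERNS:
            m = rx.match(line)
            if m:
                result[status].append(m["item"])
                break
    return result


def unresolved(text: str) -> list:
    """Items the fix did not confirm gone: still present, or never located."""
    r = parse_otl_log(text)
    return r["failed"] + r["not_found"]


if __name__ == "__main__":
    r = parse_otl_log(OTL_LOG)
    for status in ("removed", "not_found", "failed"):
        print(f"{status}: {len(r[status])}")
        for item in r[status]:
            print(f"  {item}")
    print("rescan needed for:", *unresolved(OTL_LOG), sep="\n  ")
```

In the excerpt the QuickTime Task value is "not found" for an expected reason (QuickTime was uninstalled in step 1 of the helper's instructions), whereas the two rundll32 DLLs and the undeletable stream are the items a helper would want to see addressed by a second scan.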
danielle
 
Well, I can see that my PC is still infected :) but a while ago I went into regedit and deleted everything about QuickTime, and then I went into Documents and deleted everything there was about Shareaza. I also wonder whether the problem doesn't come from the professional multitrack software "Nuendo" from "Cubase".
0