Sujet Précédent Sujet Suivant

C:\WINDOWS\system32\drivers\xtjveehs.dat

Résolu
guelmitx Messages postés 12 Statut Membre -  
guelmitx Messages postés 12 Statut Membre -
Bonjour,voila j'aimerais bien savoir ce que c'est..
je scan avec trojan remover et une fenetre s'ouvre..
en me disant.
the windows registry attempts to load this file at boot time:
C:\WINDOWS\system32\drivers\xtjveehs.dat
The programm is loaded by the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nygdjfzy\"ImagePath"
il n'y a aucune info sur ca seulement la taille :19,456 ; la date cree le 12/11/07 et celle modifiee qui est la meme..ainsi que plusieurs actions.
j'ai regarde partout et je ne trouve aucune info sur tout ca.Que faire ??

16 réponses

Réponse 1 / 16
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Bonjour,
Peux-tu éditer un rapport Hijackthis ? Je crois savoir ce que c'est.

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Démo en image
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Fais un scan et poste l'analyse.

FillPCA
0
Réponse 2 / 16
guelmitx Messages postés 12 Statut Membre
 
voila ce que tu demandes...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:48 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\avast pro\aswUpdSv.exe
D:\Program Files\avast pro\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\PROGRA~1\AVASTP~1\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\nero\NERO_8~1.COM\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\avast pro\ashMaiSv.exe
D:\Program Files\avast pro\ashWebSv.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=about%3ablank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*https://fr.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\PROGRA~1\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EB30D7B1-7BFA-4967-A61F-E07F0CD28714} - C:\WINDOWS\system32\audiode.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Avery Dennison\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\AVASTP~1\ashDisp.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\logitech\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] D:\PROGRA~1\nero\NERO_8~1.COM\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{33B7F963-C47F-445B-81D4-73E2A4176590}: NameServer = 68.94.156.1 68.94.157.1
O22 - SharedTaskScheduler: eaton - {d8b937a4-cdad-497b-a872-8da7c4c3ef6f} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\avast pro\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\avast pro\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\avast pro\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\avast pro\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
0
Réponse 3 / 16
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

* Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double clique combofix.exe et suis les invites.
* Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

Edite aussi un nouveau rapport Hijackthis.

FillPCA
0
Réponse 4 / 16
guelmitx Messages postés 12 Statut Membre
 
dis j'ai lu que combofix avait eu des problemes...alors que faire?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 16
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

Il n'en a plus, mais cet outil ne doit pas être utilisé à tort et à travers sans raison justifiée. Dans ton cas, c'est l'un des seuls outils à pouvoir éliminer ton infection très incrustée.

FillPCA
0
Réponse 6 / 16
guelmitx Messages postés 12 Statut Membre
 
dis est ce que le lien est tjrs bon?
0
Réponse 7 / 16
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

Oui, absolument. Tu n'y parviens pas ?
0
Réponse 8 / 16
guelmitx Messages postés 12 Statut Membre
 
salut desole..enfin voila ce que tu as demande..
ComboFix 07-12-21.4 - claudia 2007-12-22 19:02:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.483 [GMT -6:00]
Running from: D:\Program Files\combofix\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Helper
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\system32\audiode.dll
C:\WINDOWS\system32\drivers\xtjveehs.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NYGDJFZY
-------\nygdjfzy
-------\poof

((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-20 09:33 . 2007-12-04 07:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-20 09:33 . 2004-01-09 03:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-20 09:33 . 2007-12-04 06:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-20 09:33 . 2007-12-04 08:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-20 09:33 . 2007-12-04 08:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-20 09:33 . 2007-12-04 08:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-20 09:33 . 2007-12-04 08:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-20 09:33 . 2007-12-04 08:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-19 14:05 . 2007-12-19 14:05 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-18 15:53 . 2007-12-18 15:53 2,384 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-18 11:29 . 2007-12-18 11:29 484,357 --a------ C:\upload_moi_VALUED-B4B48255.tar.gz
2007-12-14 14:17 . 2007-12-21 10:31 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-14 14:16 . 2007-12-14 14:16 <DIR> d-------- C:\Documents and Settings\claudia\Application Data\Simply Super Software
2007-12-14 14:16 . 2007-12-14 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-12-14 14:16 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-12-14 14:16 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-12-14 14:16 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-12-14 14:16 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-12-14 14:16 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-12-14 12:36 . 2007-12-14 12:36 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-14 08:34 . 2007-12-14 08:34 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-12 15:16 . 2007-12-14 12:58 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-12-12 12:21 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-12 12:21 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-11 18:25 . 2007-12-13 11:41 <DIR> d-------- C:\Program Files\Video Add-on
2007-11-30 09:10 . 2007-02-28 03:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-11-30 09:10 . 2007-02-28 03:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-30 09:10 . 2007-02-28 02:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-11-30 09:10 . 2007-02-28 02:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-11-30 09:08 . 2006-05-05 03:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2007-11-30 09:06 . 2006-06-01 12:47 163,840 -----c--- C:\WINDOWS\system32\dllcache\jgdw400.dll
2007-11-30 09:06 . 2006-06-01 12:47 27,648 -----c--- C:\WINDOWS\system32\dllcache\jgpl400.dll
2007-11-30 09:05 . 2006-06-14 02:47 172,416 -----c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2007-11-30 09:05 . 2006-06-14 03:00 82,944 -----c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2007-11-30 09:05 . 2006-06-14 02:47 6,400 -----c--- C:\WINDOWS\system32\dllcache\splitter.sys
2007-11-28 19:15 . 2004-08-04 06:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2007-11-28 19:14 . 2004-08-04 06:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-11-28 19:12 . 2007-11-28 19:12 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-11-28 19:12 . 2007-11-28 19:12 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-11-28 19:12 . 2007-11-28 19:12 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-11-28 19:12 . 2007-11-28 19:12 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2007-11-28 19:12 . 2007-11-28 19:12 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-11-28 19:12 . 2007-11-28 19:12 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-11-28 18:46 . 2007-11-28 18:49 6,194 --a------ C:\WINDOWS\setupapi.old
2007-11-27 08:57 . 2007-11-27 08:57 <DIR> d-------- C:\WINDOWS\Performance
2007-11-27 08:57 . 2007-12-11 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-11-25 13:09 . 2004-08-04 06:00 1,086,058 -ra------ C:\WINDOWS\SET6A.tmp
2007-11-25 13:09 . 2004-08-04 06:00 1,042,903 -ra------ C:\WINDOWS\SET67.tmp
2007-11-25 13:09 . 2004-08-04 06:00 13,753 -ra------ C:\WINDOWS\SET76.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-22 23:47 --------- d--h--r C:\Documents and Settings\claudia\Application Data\yahoo!
2007-11-22 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-21 14:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-20 15:53 --------- d-----w C:\Program Files\Macrogaming
2007-11-18 15:04 --------- d-----w C:\Program Files\InterActual
2007-11-14 09:17 --------- d-----w C:\Program Files\MSN Messenger
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-25 23:14 --------- d-----w C:\Documents and Settings\claudia\Application Data\Nero
2007-10-25 00:17 --------- d-----w C:\Documents and Settings\claudia\Application Data\Apple Computer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="D:\Program Files\logitech\ManifestEngine.exe" [2004-06-01 04:46]
"Nero PhotoShow Media Manager"="D:\PROGRA~1\nero\NERO_8~1.COM\PHOTOS~1\data\Xtras\mssysmgr.exe" [2007-04-27 12:22]
"AnyDVD"="D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-21 06:34]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 12:29]
"NBKeyScan"="D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 08:25]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"Adobe Reader Speed Launcher"="D:\Program Files\Avery Dennison\Reader\Reader_sl.exe" [2007-10-10 18:51]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 12:43 C:\WINDOWS\AGRSMMSG.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TrojanScanner"="D:\Program Files\Trojan Remover\Trjscan.exe" [2007-12-10 18:59]
"avast!"="D:\PROGRA~1\AVASTP~1\ashDisp.exe" [2007-12-04 07:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 06:00 C:\WINDOWS\system32\narrator.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 06:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-08-18 21:32:01]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-10-02 16:08:08]
Remocon Driver.lnk - C:\Program Files\sony\usbsircs\usbsircs.exe [2007-08-14 13:04:01]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 13:14:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 19:06:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background?g

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet
[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBService.exe"

.
Completion time: 2007-12-22 19:07:47 - machine was rebooted
.
2007-12-21 13:51:27 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:18 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\avast pro\aswUpdSv.exe
D:\Program Files\avast pro\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\PROGRA~1\AVASTP~1\ashDisp.exe
D:\PROGRA~1\nero\NERO_8~1.COM\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\avast pro\ashMaiSv.exe
D:\Program Files\avast pro\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
D:\Program Files\hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?pc=mssh&form=msshhp&ocid=onepro&homepage=about%3ablank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*https://fr.yahoo.com/?p=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\PROGRA~1\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Avery Dennison\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrojanScanner] D:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\AVASTP~1\ashDisp.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\logitech\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] D:\PROGRA~1\nero\NERO_8~1.COM\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{33B7F963-C47F-445B-81D4-73E2A4176590}: NameServer = 68.94.156.1 68.94.157.1
O22 - SharedTaskScheduler: eaton - {d8b937a4-cdad-497b-a872-8da7c4c3ef6f} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\avast pro\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\avast pro\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\avast pro\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\avast pro\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
0
Réponse 9 / 16
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Salut,

* Télécharger smitfraudfix (de S!Ri) sur le bureau : http://siri.urz.free.fr/Fix/SmitfraudFix.exe
* Clique sur smitfraudfix.exe
* Choisis l'option 1 et colle dans ta réponse le rapport généré par smitfraudfix. Ce rapport se trouve dans la fenêtre du bloc-note qui s’ouvre.
* Ferme l'application en tapant sur la touche Q.

FillPCA
0
Réponse 10 / 16
guelmitx Messages postés 12 Statut Membre
 
salut ,
voila le rapport comme prevu..

SmitFraudFix v2.274

Scan done at 10:38:50.68, Sun 12/23/2007
Run from D:\Program Files\smithfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\avast pro\aswUpdSv.exe
D:\Program Files\avast pro\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\PROGRA~1\AVASTP~1\ashDisp.exe
D:\PROGRA~1\nero\NERO_8~1.COM\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\avast pro\ashMaiSv.exe
D:\Program Files\avast pro\ashWebSv.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\claudia

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\claudia\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\claudia\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video Add-on\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d8b937a4-cdad-497b-a872-8da7c4c3ef6f}"="eaton"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 68.94.156.1
DNS Server Search Order: 68.94.157.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{33B7F963-C47F-445B-81D4-73E2A4176590}: NameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{33B7F963-C47F-445B-81D4-73E2A4176590}: NameServer=68.94.156.1 68.94.157.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

merci encore..
0
Réponse 11 / 16
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Re,

1/ * Imprimer ceci.
* Redémarrer l'ordinateur en mode sans échec en tapotant sur F5 (ou F8). L'accès à Internet devient alors impossible.
* Double cliquer sur Smitfraudfix.exe.
* Sélectionner 2 pour supprimer les fichiers responsables de l'infection.
* A la question Voulez-vous nettoyer le registre ?], répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection. Le fix déterminera si le fichier wininet.dll est infecté.
* A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
* Quitter le programme en appuyant sur Q.
* Redémarrer normalement et coller sur le forum le rapport généré.

2/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Ouvre Ccleaner, clique sur "lancer le nettoyage".

3/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

4/ * Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
* Choisis Kaspersky.
* Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
* Réalise un scan complet du système.
* Sauvegarde le rapport en mode texte à l'issue du scan.

5/ Edite ces rapports : Smitfraudfix, AVGantispyware, Kaspersky et un nouveau rapport Hijackthis.

FillPCA
0
Réponse 12 / 16
guelmitx Messages postés 12 Statut Membre
 
Salut voila ce qu tu as demande..

SmitFraudFix v2.274

Scan done at 15:52:32.64, Mon 12/24/2007
Run from D:\Program Files\smithfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d8b937a4-cdad-497b-a872-8da7c4c3ef6f}"="eaton"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\Video Add-on\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

avganti..

VG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 4:44:15 PM 12/24/2007

+ Résultat de l'analyse:

D:\Program Files\EMULE-Shareaza\eMule\Incoming\Ahead Nero 7 Premium Multilang with KeyGen CD Version by Verdigo DCP.rar/Nero7\Nero7Keygen.exe -> Backdoor.Hupigon : Nettoyé.
D:\Program Files\EMULE-Shareaza\eMule\Incoming\Ahead Nero 7 Premium Multilang with KeyGen CD Version by Verdigo DCP.rar/Nero7\Nero7Keygen.zip/Nero7Keygen.exe -> Backdoor.Hupigon : Nettoyé.
D:\Program Files\EMULE-Shareaza\eMule\Incoming\Ahead Nero v7.0 Keygen.rar/Nero7Keygen.exe -> Backdoor.Hupigon : Nettoyé.
D:\Program Files\nero\ahead NERO7\Nero7Keygen.exe -> Backdoor.Hupigon : Nettoyé.
D:\Program Files\nero\ahead NERO7\Nero7\Nero7Keygen.exe -> Backdoor.Hupigon : Nettoyé.
D:\Program Files\nero\ahead NERO7\Nero7\Nero7Keygen.zip/Nero7Keygen.exe -> Backdoor.Hupigon : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp -> TrackingCookie.247realmedia : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> TrackingCookie.2o7 : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> TrackingCookie.2o7 : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> TrackingCookie.2o7 : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> TrackingCookie.Adbrite : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Addynamix : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp -> TrackingCookie.Adrevolver : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp -> TrackingCookie.Adrevolver : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> TrackingCookie.Adrevolver : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq46.tmp -> TrackingCookie.Adrevolver : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> TrackingCookie.Adtech : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Adtech : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> TrackingCookie.Advertising : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> TrackingCookie.Atdmt : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> TrackingCookie.Atdmt : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> TrackingCookie.Bluestreak : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B.tmp -> TrackingCookie.Bluestreak : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> TrackingCookie.Burstbeacon : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Burstnet : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Burstnet : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp -> TrackingCookie.Burstnet : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp -> TrackingCookie.Casalemedia : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> TrackingCookie.Casalemedia : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp -> TrackingCookie.Clickbank : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> TrackingCookie.Comclick : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> TrackingCookie.Coremetrics : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> TrackingCookie.Cpvfeed : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> TrackingCookie.Doubleclick : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> TrackingCookie.Doubleclick : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp -> TrackingCookie.Euroclick : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> TrackingCookie.Euroclick : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> TrackingCookie.Fastclick : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp -> TrackingCookie.Fastclick : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp -> TrackingCookie.Findwhat : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp -> TrackingCookie.Hitbox : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp -> TrackingCookie.Hitbox : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp -> TrackingCookie.Hitbox : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> TrackingCookie.Hitbox : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Hitbox : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> TrackingCookie.Hitbox : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> TrackingCookie.Hitbox : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp -> TrackingCookie.Hitbox : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> TrackingCookie.Hitbox : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8E.tmp -> TrackingCookie.Hitbox : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp -> TrackingCookie.Hitbox : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B.tmp -> TrackingCookie.Intelli-direct : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81.tmp -> TrackingCookie.Mediaplex : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> TrackingCookie.Mediaplex : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp -> TrackingCookie.Netflame : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Onestat : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3F.tmp -> TrackingCookie.Pointroll : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Pointroll : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp -> TrackingCookie.Pro-market : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp -> TrackingCookie.Questionmarket : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> TrackingCookie.Questionmarket : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7D.tmp -> TrackingCookie.Realmedia : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp -> TrackingCookie.Realmedia : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp -> TrackingCookie.Revsci : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> TrackingCookie.Serving-sys : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp -> TrackingCookie.Serving-sys : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7A.tmp -> TrackingCookie.Serving-sys : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> TrackingCookie.Serving-sys : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> TrackingCookie.Sextracker : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> TrackingCookie.Sextracker : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Sextracker : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2B.tmp -> TrackingCookie.Smartadserver : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> TrackingCookie.Smartadserver : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> TrackingCookie.Statcounter : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> TrackingCookie.Statcounter : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq37.tmp -> TrackingCookie.Tacoda : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp -> TrackingCookie.Tacoda : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp -> TrackingCookie.Tacoda : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9A.tmp -> TrackingCookie.Tacoda : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7E.tmp -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68.tmp -> TrackingCookie.Trafficmp : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> TrackingCookie.Tribalfusion : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> TrackingCookie.Weborama : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp -> TrackingCookie.Weborama : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> TrackingCookie.Webtrends : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrackingCookie.Webtrends : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp -> TrackingCookie.Webtrendslive : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> TrackingCookie.Webtrendslive : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC.tmp -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp -> TrackingCookie.Zedo : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq34.tmp -> TrackingCookie.Zedo : Nettoyé.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> TrackingCookie.Zedo : Nettoyé.

Fin du rapport

kaspe...
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 24, 2007 6:12:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/12/2007
Kaspersky Anti-Virus database records: 493226
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 67967
Number of viruses found: 4
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 00:53:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12142007-123640.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\claudia\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Messenger\guelmitx@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Messenger\guelmitx@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Messenger\guelmitx@hotmail.com\SharingMetadata\Working\database_6E44_AC19_44AB_E1D7\dfsr.db Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Messenger\guelmitx@hotmail.com\SharingMetadata\Working\database_6E44_AC19_44AB_E1D7\fsr.log Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Messenger\guelmitx@hotmail.com\SharingMetadata\Working\database_6E44_AC19_44AB_E1D7\fsrtmp.log Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Messenger\guelmitx@hotmail.com\SharingMetadata\Working\database_6E44_AC19_44AB_E1D7\tmp.edb Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{F09C3266-1B66-42EB-ACEA-4D970ED7CD43} Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Windows Live Contacts\guelmitx@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Application Data\Microsoft\Windows Live Contacts\guelmitx@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\History\History.IE5\MSHist012007122420071225\index.dat Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Temp\Perflib_Perfdata_bc8.dat Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Temp\~DF9116.tmp Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Temp\~DFB94A.tmp Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Temp\~DFB974.tmp Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Temp\~DFCAB3.tmp Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Temp\~DFCDD2.tmp Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\claudia\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\claudia\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\claudia\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\SBC Self Support Tool\log\mpbtn.log Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\xtjveehs.dat.vir Object is locked skipped
C:\qoobox\Quarantine\catchme2007-12-22_190617.34.zip/xtjveehs.dat Infected: Rootkit.Win32.Agent.ql skipped
C:\qoobox\Quarantine\catchme2007-12-22_190617.34.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SCE5ABA11.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Program Files\avast pro\DATA\aswResp.dat Object is locked skipped
D:\Program Files\avast pro\DATA\Avast4.db Object is locked skipped
D:\Program Files\avast pro\DATA\log\AshWebSv.ws Object is locked skipped
D:\Program Files\avast pro\DATA\log\aswMaiSv.log Object is locked skipped
D:\Program Files\avast pro\DATA\log\nshield.log Object is locked skipped
D:\Program Files\avast pro\DATA\report\Protection résidente.txt Object is locked skipped
D:\Program Files\bitcomet\ATT_SST_Installer.exe/WISE0107.BIN/WISE0008.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
D:\Program Files\bitcomet\ATT_SST_Installer.exe/WISE0107.BIN/WISE0009.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
D:\Program Files\bitcomet\ATT_SST_Installer.exe/WISE0107.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
D:\Program Files\bitcomet\ATT_SST_Installer.exe WiseSFX: infected - 3 skipped
D:\Program Files\bitcomet\ATT_SST_Installer.exe WiseSFXDropper: infected - 3 skipped
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\BIU1.txt Object is locked skipped
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe NSIS: infected - 1 skipped
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\nero_photoshow_express_5_setup.exe NSIS: infected - 1 skipped
D:\Program Files\smithfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Program Files\smithfraudfix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Program Files\smithfraudfix\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Program Files\smithfraudfix\SmitfraudFix.exe RarSFX: infected - 2 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

hitjack..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:21 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\avast pro\aswUpdSv.exe
D:\Program Files\avast pro\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Windows Defender\MSASCui.exe
D:\PROGRA~1\AVASTP~1\ashDisp.exe
D:\PROGRA~1\nero\NERO_8~1.COM\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\sony\usbsircs\usbsircs.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\avast pro\ashMaiSv.exe
D:\Program Files\avast pro\ashWebSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
D:\Program Files\hijackthis\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\PROGRA~1\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Avery Dennison\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\AVASTP~1\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\logitech\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] D:\PROGRA~1\nero\NERO_8~1.COM\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Remocon Driver.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.serviceshub.microsoft.com/supportforbusiness/create
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{33B7F963-C47F-445B-81D4-73E2A4176590}: NameServer = 68.94.156.1 68.94.157.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\avast pro\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\avast pro\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\avast pro\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\avast pro\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Giga Pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Giga Pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
0
Réponse 13 / 16
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Salut,

Je vois que tu utilises des logiciels p2p et que tu télécharges des cracks. Je ne porte pas de jugement, mais si tu veux garder un pc sain, ceci est à proscrire. L'infection qui te touchait et très grave, même si elle a été nettoyé avec une facilité inhabituellement déconcertante.

Quelles que soient les protections, ce type de surf n'apporte que des ennuis.

1/ Désinstalle Nero et Bitcomet et redémarre ton PC.
2/ * Télécharge OTMoveIt (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
* Double-clique sur OTMoveIt.exe pour lancer le programme,
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste List Of Files/Folders to be moved" :

D:\Program Files\bitcomet
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]

* Clique sur MoveIt! pour lancer la suppression,
* Le résultat appraraîtra dans le cadre Results.
* Clique sur Exit pour fermer le programme.
* Poste le rapport qui est situé ici : C:\\\_OTMoveIt\MovedFiles
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes.

3/ Comment le pc se porte ?

FillPCA
0
Réponse 14 / 16
guelmitx Messages postés 12 Statut Membre
 
salut,
je sais que tout ca pause probleme,
en plus je n'utilise pas nero c'est un ami qui me l'a installe et pour bitcomet je telecharge avec shareaza des vieux films francais ou bien de la musique ce qui est interdit mais bon c'est tout...
voila le resultat je ne trouvais pas bitcomet car je l'avais ferme il y a longtmeps..
D:\Program Files\bitcomet\torrents moved successfully.
D:\Program Files\bitcomet\share moved successfully.
D:\Program Files\bitcomet\rules moved successfully.
D:\Program Files\bitcomet moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\wmv_profiles moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\RenderEngine moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\PrintOMatic_MX moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\World moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Special Occasion moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Rock moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Pop moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Latin moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Jazz moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Hip Hop moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Electronic moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Easy Listening moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Country moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Classical moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Childrens moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set\Blues moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\full_music_set moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras\certs moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Xtras moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\fonts moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\Demo Show moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\simplestar\data\shared moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\simplestar\data\nero\text moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\simplestar\data\nero\art\pd moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\simplestar\data\nero\art moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\simplestar\data\nero moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\simplestar\data moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\simplestar moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared\ps_data\assets\setup moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared\ps_data\assets\detect moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared\ps_data\assets\art moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared\ps_data\assets moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared\ps_data moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared\pd_data\printer_templates moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared\pd_data\dynamic_messaging\messages moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared\pd_data\dynamic_messaging moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared\pd_data\casts moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared\pd_data\brushes moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared\pd_data moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app\shared moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data\app moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5\data moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\PhotoShow 5 moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\SecurDiscViewer moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Redist\Images\Logo\NST moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Redist\Images\Logo\NRD moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Redist\Images\Logo\NPSE moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Redist\Images\Logo\NMH moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Redist\Images\Logo\Default moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Redist\Images\Logo moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Redist\Images\Info moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Redist\Images\Bckg moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Redist\Images moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Redist moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Nero PhotoShow Express\Flash Player Install moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Nero PhotoShow Express\data moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Nero PhotoShow Express moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Setup moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data\Windows\winsxs\Policies moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data\Windows\winsxs\Manifests moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data\Windows\winsxs moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data\Windows\system32\Ansi moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data\Windows\system32 moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data\Windows moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data\System moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data\Setup moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data\Redist\DirectX moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data\Redist\Config moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data\Redist moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation\Data moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition\Installation moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero_8_Ultra_Edition moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8\Nero BackItUp moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Nero 8 moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com]\Manuals moved successfully.
D:\Program Files\nero\Nero_8_Ultra_Edition_por_hamlet[www.DivxTotaL.com] moved successfully.

Created on 12/26/2007 17:03:44
voila j''espere que tou sera ok maintenant ,merci
0
Réponse 15 / 16
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Bonjour,

* Lance OTmoveIT.
* Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).

NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.

* Une liste apparaît dans la partie gauche d'OTmoveIT.
* Un message apparaît pour confirmer le nettoyage. Confirme.
* Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi.

1/ Il est fortement recommandé d'avoir tous ses logiciels de sécurité à jour, afin d'éviter les failles par lesquelles s'engouffrent les infections.
2/ Tu peux supprimer tous les logiciels que nous avons utilisés (Type: SmitFraufix, Blacklight, SDFix, lopxpMH, ect.....) qui traitent des infections spécifiques et qui sont mis à jour régulièrement. Il est inutile de les garder sur ton PC.
Tu peux par contre, garder AVG Antispyware et CCleaner.
3/ /!\ Maintenant que ton PC n'est plus infecté, désactive puis réactive ta "Restauration du système" afin de créer un point de restauration sain.
Pour désactiver ou activer la Restauration du système, tu dois ouvrir une session Administrateur sous Windows XP.
Désactivation:
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer et Ok.
Activation:
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer et Ok. Redémarrer l'ordinateur.
4/ Comment faire pour...(lettre A): https://forum.pcastuces.com/sujet.asp?f=25&s=3902
Pour améliorer la sécurité de ton PC prend quelques instants pour lire:
Sécuriser son PC +WIFI (versions "hot" & "light"): https://forum.pcastuces.com/default.asp
5/ Dénonce ton infection pour faire condamner les auteurs.

Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection :
- Voir les règles du forum : https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors, sous forme de liste, un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).

*** Tes infections : DELF, Smitfraud, Hupigon, My websearch ***
>> https://malwarecomplaints.info/
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections, conforme au règle du forum (âge, ville, département etc..)
Indique aussi le nom du Forum qui t'a aidé : CCM
6/ Tu peux marquer ton sujet comme résolu en cliquant sur le bouton.
7/ Je te conseille enfin de défragmenter ton PC : http://www.coupdepoucepc.com/modules/news/article.php?storyid=218

Bon surf !

FillPCA
0
Réponse 16 / 16
guelmitx Messages postés 12 Statut Membre
 
salut ,merci pour tout et bonnes fetes.
0