My PC is very, very slow.
Solved
lili79 - Posts: 131 - Status: Member
green day - Posts: 26722 - Status: Moderator, Security contributor
Hello,
So, the PC is very slow.
I ran the AD-AWARE and SPYBOT scans, fixed and immunized; apparently nothing is left. I nevertheless downloaded HIJACKTHIS
and produced a report, which is below; could you tell me whether it is clean?
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:08, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\byXPGwWN.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3873a63a4e054c428c169055ecdb41f5
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3873a63a4e054c428c169055ecdb41f5
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/bejeweled2/Oberongamesloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: byXPGwWN - C:\WINDOWS\SYSTEM32\byXPGwWN.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: app_filter - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O24 - Desktop Component 0: (no name) - https://www.microsoft.com/fr-fr/windows
O24 - Desktop Component 1: (no name) - http://static.hugedomains.com/images/logo_huge_domains.gif
O24 - Desktop Component 2: (no name) - http://vcheck.emule-project.net/en/templates/Appalachia/images/cellpic3.gif
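A small triage script for the HijackThis log above, added here as an example; it is not part of the thread, of HijackThis or of any tool the helpers used. It parses HJT entry lines and surfaces what a helper looks at first: DLLs whose eight-letter names look machine-generated (the `(no name)` O2 BHO and the O20 Winlogon Notify entry both load `byXPGwWN.dll` from system32), the same DLL wired into more than one load point, orphan entries left as `(no file)` or `(file missing)`, and every Winlogon Notify handler for manual review. `SAMPLE_LOG` is a subset of lines copied from the log above; the random-name thresholds (three case switches, or no vowels) are my own assumptions and deliberately simple, so the result is a prompt to look rather than a verdict.

```python
"""Triage heuristics for a HijackThis (HJT) v2 log.

Added example for this thread, not part of the original post or of the
HijackThis tool. It flags:
  * entries loading a DLL/EXE whose 8-letter name looks machine-generated
    (heuristic: >= 3 case switches, or no vowels at all);
  * the same file referenced from more than one HJT section;
  * orphan entries pointing at '(no file)' / '(file missing)';
  * every O20 Winlogon Notify handler, for manual review (legitimate
    handlers exist, so this is a review prompt, not a verdict).
"""
import re
from collections import defaultdict

# Subset of entry lines copied from the HJT log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {A6C54318-5AC7-477D-B0A7-49AF5189300C} - C:\WINDOWS\system32\byXPGwWN.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing)
O20 - Winlogon Notify: byXPGwWN - C:\WINDOWS\SYSTEM32\byXPGwWN.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# HJT prints one entry per line with an "O2 - " / "R1 - " style prefix.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# First Windows path ending in .dll/.exe on the line. Paths contain spaces,
# so the match stops at the extension rather than at whitespace.
PATH_RE = re.compile(r"[A-Za-z]:\\[^,\n]*?\.(?:dll|exe)", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def looks_random(stem: str) -> bool:
    """Heuristic for generated 8-letter stems such as byXPGwWN (assumed thresholds).

    Flags an all-alphabetic 8-character name that switches case at least
    three times or contains no vowel. It misses some generated names (a
    stem like yayxuvSK passes) and is meant as a prompt to look.
    """
    if len(stem) != 8 or not stem.isalpha():
        return False
    switches = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    vowels = sum(c in "aeiou" for c in stem.lower())
    return switches >= 3 or vowels == 0


def parse_entries(log_text: str):
    """Yield (section, body, path_or_None) for each HJT entry line."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank lines
        section, body = m.groups()
        pm = PATH_RE.search(body)
        yield section, body, (pm.group(0) if pm else None)


def triage(log_text: str) -> dict:
    """Return the findings a helper would check first, keyed by category."""
    findings = {"random_names": [], "orphans": [], "winlogon_notify": [], "shared_dlls": {}}
    seen_in = defaultdict(set)  # lower-cased basename -> HJT sections using it
    for section, body, path in parse_entries(log_text):
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings["orphans"].append(f"{section}: {body}")
        if section == "O20":
            findings["winlogon_notify"].append(body)
        if path is None:
            continue
        basename = path.rsplit("\\", 1)[-1]
        stem = basename.rsplit(".", 1)[0]
        seen_in[basename.lower()].add(section)
        if looks_random(stem):
            findings["random_names"].append(f"{section}: {path}")
    # A file wired into more than one load point (here a BHO plus a Winlogon
    # Notify handler) deserves a look even if its name passed the test above.
    findings["shared_dlls"] = {
        name: sorted(secs) for name, secs in seen_in.items() if len(secs) > 1
    }
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```

Run it against the full log by reading `hijackthis.log` into `triage()`; on the sample it reports `byXPGwWN.dll` twice (O2 and O20), lists it under `shared_dlls`, and returns the three orphan entries, which is exactly the set a helper would ask about before anything else.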
38 replies
Hello,
I am in Safe Mode, as asked, and when I click the Malwarebytes Anti-Malware icon
nothing launches, and I get this error message.
@+ lili79
OK, strange ...
Download ComboFix (by sUBs) to the Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Boot into Safe Mode
* Double-click combofix.exe.
* Press the Y key (Yes) to start the scan
* The report will be created at C:\Combofix.txt; please post it
++
Here is the report:
ComboFix 08-05-01.1 - Gilles 2008-05-05 19:55:09.3 - NTFSx86 MINIMAL
Location: C:\Documents and Settings\Gilles\Bureau\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\awtuRkHy.dll
C:\WINDOWS\system32\geBspmjK.dll
C:\WINDOWS\system32\KjmpsBeg.ini
C:\WINDOWS\system32\KjmpsBeg.ini2
C:\WINDOWS\system32\nnnnOEtS.dll
C:\WINDOWS\system32\xxyWqQig.dll
C:\WINDOWS\system32\yayxuvSK.dll
C:\WINDOWS\system32\yayxxYoN.dll
.
((((((((((((((((((((((((((((( Files created 2008-04-05 to 2008-05-05 ))))))))))))))))))))))))))))))))))))
.
2008-05-05 18:31 . 2008-05-05 18:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-05 18:31 . 2008-05-05 18:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 21:50 . 2008-05-04 21:50 <REP> d-------- C:\Documents and Settings\Gilles\Application Data\Malwarebytes
2008-05-04 13:00 . 2008-05-04 20:46 <REP> d-------- C:\Program Files\Lopxp
2008-05-04 12:44 . 2008-05-04 12:44 <REP> d-------- C:\Program Files\NeroInstall.bak
2008-05-02 19:09 . 2008-05-04 00:15 <REP> d-------- C:\Program Files\Navilog1
2008-05-02 16:30 . 2008-05-02 16:30 <REP> d-------- C:\WINDOWS\ERUNT
2008-05-02 14:16 . 2008-05-02 14:16 <REP> d-------- C:\Documents and Settings\Administrateur
2008-05-01 15:10 . 2008-05-01 15:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-30 23:20 . 2008-05-01 15:10 <REP> d-------- C:\Program Files\Lavasoft
2008-04-30 23:20 . 2008-05-01 15:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-28 23:03 . 2008-04-28 23:03 <REP> d-------- C:\Program Files\Trend Micro
2008-04-28 22:21 . 2008-04-28 22:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-28 22:21 . 2008-04-28 22:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-28 20:40 . 2008-04-28 22:08 <REP> d-------- C:\Program Files\RegCleaner
2008-04-28 20:38 . 2008-04-28 20:38 <REP> d-------- C:\Program Files\CCleaner
2008-04-20 10:10 . 2008-04-20 10:10 <REP> d-------- C:\Documents and Settings\Gilles\Application Data\AstroMenace
2008-04-16 09:57 . 2008-04-16 09:57 <REP> d-------- C:\Program Files\Windows Live
2008-04-16 09:57 . 2008-04-16 09:57 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-16 09:56 . 2008-04-16 09:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-10 20:19 . 2008-04-10 20:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Awem
2008-04-08 22:10 . 2008-04-20 10:29 <REP> d-------- C:\Program Files\Pogo FR
2008-04-08 18:27 . 2008-05-01 17:06 <REP> d-------- C:\Program Files\Bass Tournament Tycoon
2008-04-07 18:52 . 2008-04-07 18:58 <REP> d-------- C:\Program Files\MumboJumbo
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 16:25 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-05-05 16:23 --------- d-----w C:\Program Files\Symantec
2008-05-05 16:23 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-05-05 16:22 --------- d-----w C:\Program Files\Club-Internet
2008-05-05 16:06 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-05 16:05 --------- d-----w C:\Program Files\Yahoo!
2008-05-05 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-04 10:41 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-05-04 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-01 16:00 --------- d-----w C:\Program Files\Mes Jeux Téléchargés
2008-05-01 15:10 --------- d-----w C:\Program Files\GameHouse
2008-05-01 15:06 --------- d-----w C:\Program Files\PopCap Games
2008-05-01 15:06 --------- d-----w C:\Program Files\AV Vcs 4.0 DIAMOND
2008-05-01 07:09 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-28 18:45 --------- d-----w C:\Program Files\Google
2008-04-21 22:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 07:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 06:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-14 22:11 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-11 20:56 --------- d-----w C:\Documents and Settings\Gilles\Application Data\Zylom
2008-04-05 22:31 --------- d-----w C:\Documents and Settings\Gilles\Application Data\LimeWire
2008-04-05 21:58 --------- d-----w C:\Program Files\eMule
2008-04-03 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-04-02 11:31 --------- d-----w C:\Program Files\AskTBar
2008-03-31 21:07 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-27 13:53 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-22 23:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-12 20:33 --------- d-----w C:\Documents and Settings\Vivi\Application Data\VadeRetro
2008-03-12 14:01 --------- d-----w C:\Documents and Settings\Vivi\Application Data\Nero
2008-03-11 19:03 --------- d-----w C:\Documents and Settings\Gilles\Application Data\Nero
2008-03-11 19:00 --------- d-----w C:\Program Files\Nero
2008-03-11 18:42 --------- d-----w C:\Program Files\NewTech Infosystems
2008-03-11 18:38 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-09 13:00 --------- d-----w C:\Documents and Settings\Vivi\Application Data\vlc
2008-03-06 21:02 --------- d-----w C:\Documents and Settings\Gilles\Application Data\vlc
2008-03-06 20:59 --------- d-----w C:\Program Files\VideoLAN
2008-03-06 20:55 --------- d-----w C:\Program Files\JCA2000
2008-03-06 20:48 --------- d-----w C:\Program Files\Winsos
2008-03-06 20:47 --------- d-----w C:\Program Files\MSN Messenger
2008-03-06 20:40 --------- d-----w C:\Documents and Settings\Gilles\Application Data\VadeRetro
2008-03-06 20:39 --------- d-----w C:\Program Files\Goto Software
2008-03-06 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\VadeRetro
2008-03-06 20:00 --------- d-----w C:\Program Files\Maxis
2008-03-05 23:25 --------- d-----w C:\Documents and Settings\Vivi\Application Data\Skype
2008-02-28 15:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 14:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-10-08 17:07 57,184 ----a-w C:\Documents and Settings\Gilles\Application Data\GDIPFONTCACHEV1.DAT
2007-04-06 09:21 14 ----a-w C:\Documents and Settings\Gilles\getfile.dat
2007-04-05 09:12 14 ----a-w C:\Documents and Settings\Vivi\getfile.dat
.
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( snapshot@2008-05-02_12.08.04.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-12 23:18:45 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB921883\spmsg.dll
+ 2005-10-12 23:15:24 15,072 ----a-w C:\WINDOWS\$hf_mig$\KB921883\spmsg.dll
- 2005-10-12 23:18:45 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB921883\spuninst.exe
+ 2005-10-12 23:15:24 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB921883\spuninst.exe
- 2005-10-12 23:18:45 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\spcustom.dll
+ 2005-10-12 23:15:24 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\spcustom.dll
- 2005-10-12 23:18:46 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\update.exe
+ 2005-10-12 23:15:26 727,776 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\update.exe
- 2005-10-12 23:18:49 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\updspapi.dll
+ 2005-10-12 23:15:44 394,976 ----a-w C:\WINDOWS\$hf_mig$\KB921883\update\updspapi.dll
- 2008-05-02 10:02:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-05 17:58:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-29 03:11:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-05-02 14:30:58 8,003,584 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-05-02 14:30:58 118,784 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-29 03:11:08 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-05-02 14:30:57 8,003,584 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-05-02 14:30:57 118,784 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-02-18 14:21:08 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
+ 2008-02-18 14:21:08 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
+ 2006-03-17 09:45:52 1,757,184 ----a-w C:\WINDOWS\system32\imagX7.dll
+ 2006-03-17 09:45:54 497,296 ----a-w C:\WINDOWS\system32\imagXpr7.dll
+ 2006-03-17 09:45:54 258,048 ----a-w C:\WINDOWS\system32\imagXR7.dll
+ 2006-03-17 09:45:54 802,816 ----a-w C:\WINDOWS\system32\imagXRA7.dll
+ 2006-12-19 07:30:26 81,920 ----a-w C:\WINDOWS\system32\IoctlSvc.exe
+ 2008-02-18 14:04:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
- 2007-03-06 01:34:33 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2005-10-12 23:15:24 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-03-17 12:49:46 368,640 ----a-w C:\WINDOWS\system32\TwnLib4.dll
+ 2007-03-20 18:22:04 972,336 ----a-w C:\WINDOWS\UNNeroBackItUp.exe
+ 2007-02-28 13:41:02 972,336 ----a-w C:\WINDOWS\UNNeroShowTime.exe
+ 2007-03-21 18:02:12 972,336 ----a-w C:\WINDOWS\UNNeroVision.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINSOS VERIFY"="C:\Program Files\WINSOS\WINSOS.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
"Vaderetro Outlook"="C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe" [2006-07-22 12:59 44544]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2006-02-16 17:46 295936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"Spyware-Secure"="C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-08 16:33 282624]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-10-07 18:53 131072]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-05 05:00 160768]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LE COMPAGNON CLUB.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LE COMPAGNON CLUB.lnk
backup=C:\WINDOWS\pss\LE COMPAGNON CLUB.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Gilles^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk.disabled]
path=C:\Documents and Settings\Gilles\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk.disabled
backup=C:\WINDOWS\pss\Adobe Gamma.lnk.disabledStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Gilles^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk]
path=C:\Documents and Settings\Gilles\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk
backup=C:\WINDOWS\pss\Club Internet.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Gilles^Menu Démarrer^Programmes^Démarrage^Club Internet.lnk.disabled]
path=C:\Documents and Settings\Gilles\Menu Démarrer\Programmes\Démarrage\Club Internet.lnk.disabled
backup=C:\WINDOWS\pss\Club Internet.lnk.disabledStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-19 21:50 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
"SurfSideKick 3"=C:\Program Files\SurfSideKick 3\Ssk.exe
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"PECarlin"="C:\Program Files\PECarlin\PECarlin.exe"
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
"Livecom"="C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"Error Safe"="C:\Program Files\Error Safe Free\ers.exe" /scan
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
"AXVenore"="C:\Program Files\AXVenore\AXVenore.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
"MsnMsgr"=~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
"SweetIM"=C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
"SurfSideKick 3"=C:\Program Files\SurfSideKick 3\Ssk.exe
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"NWEReboot"=
"ntiMUI"=C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"EPSON Stylus DX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
"AspireService"=C:\Program Files\Acer\Acer eMode Management\AspireService.exe
"<NO NAME>"=
"vmtalk"=C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"MediaSync"=C:\Program Files\Acer\Acer eConsole\MediaSync.exe
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"LaunchApp"=Alaunch
"eRecoveryService"=C:\Program Files\Acer\eRecovery\Monitor.exe
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
"BDMCon"="C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1663:UDP"= 1663:UDP:Windows Media Format SDK (iexplore.exe)
"1662:UDP"= 1662:UDP:Windows Media Format SDK (iexplore.exe)
"1704:UDP"= 1704:UDP:Windows Media Format SDK (iexplore.exe)
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-06 17:13:42 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 19:59:51
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 114
**************************************************************************
.
Temps d'accomplissement: 2008-05-05 20:02:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-05 18:02:53
ComboFix2.txt 2008-05-02 12:23:20
Pre-Run: 56,474,836,992 octets libres
Post-Run: 57,207,164,928 octets libres
261 --- E O F --- 2008-04-13 17:58:02
@+ lili79
OK,
delete these files in bold, as well as the programs of the same name!
C:\Program Files\AXVenore
C:\Program Files\SurfSideKick 3
C:\Program Files\Macrogaming
C:\Program Files\Error Safe Free
C:\Program Files\PECarlin
then try Malwarebytes again
@+
Hello,
I only found one of the programs listed: Macrogaming
C:\Program Files\AXVenore
C:\Program Files\SurfSideKick 3
C:\Program Files\Macrogaming
C:\Program Files\Error Safe Free
C:\Program Files\PECarlin
I still tried to relaunch Malwarebytes' Anti-Malware
and same result, same error code.
@+ lili79
OK,
download OTMoveIt (by Old_Timer) to your Desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
double-click OTMoveIt.exe to launch it.
copy the list in bold below,
and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.
C:\Program Files\AXVenore
C:\Program Files\SurfSideKick 3
C:\Program Files\Macrogaming
C:\Program Files\Error Safe Free
C:\Program Files\PECarlin
click MoveIt! to start the removal.
the result will appear in the Results pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.
you may be asked to restart the PC to complete the removal.
if so, accept with Yes.
++
Here is the report:
File/Folder C:\Program Files\AXVenore not found.
File/Folder C:\Program Files\SurfSideKick 3 not found.
File/Folder C:\Program Files\Macrogaming not found.
File/Folder C:\Program Files\Error Safe Free not found.
File/Folder C:\Program Files\PECarlin not found.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05052008_212755
++lili79
OK, please do what is described here:
http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr
++
Hello green day,
Here are the reports, in order.
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 07:40:46 06/05/2008
+ Résultat de l'analyse:
Rien à signaler.
Fin du rapport
BitDefender Online Scanner
Scan report generated at: Tue, May 06, 2008 - 08:51:51
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;
Statistics
Time: 01:05:47
Files: 349902
Folders: 10709
Boot Sectors: 4
Archives: 8500
Packed Files: 23634
Results
Identified Viruses: 9
Infected Files: 42
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 42
Engines Info
Virus Definitions: 1189793
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 42
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\Gilles\Bureau\matos visio\SpywareSecure_trial_setup.exe=>(NSIS 2o)=>lzma_solid_nsis0007
Detected with: Adware.SpywareSecure.D
C:\Documents and Settings\Gilles\Bureau\matos visio\SpywareSecure_trial_setup.exe=>(NSIS 2o)=>lzma_solid_nsis0007
Deleted
C:\Documents and Settings\Gilles\Bureau\matos visio\SpywareSecure_trial_setup.exe=>(NSIS 2o)
Update failed
C:\Documents and Settings\Gilles\Bureau\Nero_8_SETUP.exe
Infected with: Trojan.MulDrop.PYY
C:\Documents and Settings\Gilles\Bureau\Nero_8_SETUP.exe
Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006
Detected with: Adware.Navipromo.BYH
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006
Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
Update failed
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002
Detected with: Adware.Navipromo.BYH
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)=>lzma_solid_nsis0002
Deleted
C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0014=>(NSIS g)
Update failed
C:\QooBox\Quarantine\C\WINDOWS\system32\%%%%%.exe.vir
Infected with: Packer.Malware.NaN.A
C:\QooBox\Quarantine\C\WINDOWS\system32\%%%%%.exe.vir
Disinfection failed
C:\QooBox\Quarantine\C\WINDOWS\system32\%%%%%.exe.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\awtuRkHy.dll.vir
Infected with: Trojan.Vundo.EGG
C:\QooBox\Quarantine\C\WINDOWS\system32\awtuRkHy.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\BattyRun.dll.vir
Detected with: Adware.Batty.A
C:\QooBox\Quarantine\C\WINDOWS\system32\BattyRun.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\byXPGwWN.dll.vir
Infected with: Trojan.Vundo.EGG
C:\QooBox\Quarantine\C\WINDOWS\system32\byXPGwWN.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\khfGwTME.dll.vir
Infected with: Trojan.Vundo.EGG
C:\QooBox\Quarantine\C\WINDOWS\system32\khfGwTME.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\ljJCvSki.dll.vir
Infected with: Trojan.Vundo.EGG
C:\QooBox\Quarantine\C\WINDOWS\system32\ljJCvSki.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnnOEtS.dll.vir
Infected with: Trojan.Vundo.EGG
C:\QooBox\Quarantine\C\WINDOWS\system32\nnnnOEtS.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\opnkkifF.dll.vir
Infected with: Trojan.Vundo.EGG
C:\QooBox\Quarantine\C\WINDOWS\system32\opnkkifF.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\opnnonMg.dll.vir
Infected with: Trojan.Vundo.EGG
C:\QooBox\Quarantine\C\WINDOWS\system32\opnnonMg.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkHxUk.dll.vir
Infected with: Trojan.Vundo.EGG
C:\QooBox\Quarantine\C\WINDOWS\system32\pmnkHxUk.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyWqQig.dll.vir
Infected with: Trojan.Vundo.EGG
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyWqQig.dll.vir
Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\yayxxYoN.dll.vir
Infected with: Trojan.Vundo.EGG
C:\QooBox\Quarantine\C\WINDOWS\system32\yayxxYoN.dll.vir
Deleted
C:\QooBox\Quarantine\catchme2008-05-05_195755,34.zip=>yayxuvSK.dll
Infected with: Trojan.Vundo.EGG
C:\QooBox\Quarantine\catchme2008-05-05_195755,34.zip=>yayxuvSK.dll
Deleted
C:\QooBox\Quarantine\catchme2008-05-05_195755,34.zip
Updated
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP567\A0093878.exe=>(NSIS o)=>lzma_solid_nsis0002
Detected with: Adware.Navipromo.BZL
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP567\A0093878.exe=>(NSIS o)=>lzma_solid_nsis0002
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP567\A0093878.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP584\A0102826.exe
Detected with: Adware.Gamespyarcade.F
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP584\A0102826.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104288.exe
Detected with: Adware.Trymedia.DAO
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104288.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104290.exe
Detected with: Adware.Trymedia.DAO
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104290.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104293.exe
Detected with: Adware.Trymedia.DAO
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104293.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104294.exe
Detected with: Adware.Trymedia.DAO
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104294.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104295.exe
Detected with: Adware.Trymedia.DAO
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104295.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104297.exe
Detected with: Adware.Trymedia.DAO
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP587\A0104297.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113406.exe
Detected with: Adware.Trymedia.DAO
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113406.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113428.exe
Detected with: Adware.Trymedia.DAO
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113428.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113430.exe
Detected with: Adware.Trymedia.DAO
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113430.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113431.exe
Detected with: Adware.Trymedia.DAO
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP594\A0113431.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123170.dll
Detected with: Adware.Batty.A
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123170.dll
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123172.exe
Infected with: Packer.Malware.NaN.A
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123172.exe
Disinfection failed
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123172.exe
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123175.dll
Infected with: Trojan.Vundo.EGG
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123175.dll
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123176.dll
Infected with: Trojan.Vundo.EGG
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123176.dll
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123177.dll
Infected with: Trojan.Vundo.EGG
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123177.dll
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123178.dll
Infected with: Trojan.Vundo.EGG
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123178.dll
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123179.dll
Infected with: Trojan.Vundo.EGG
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123179.dll
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123180.dll
Infected with: Trojan.Vundo.EGG
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP609\A0123180.dll
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125246.dll
Infected with: Trojan.Vundo.EGG
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125246.dll
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125247.dll
Infected with: Trojan.Vundo.EGG
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125247.dll
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125248.dll
Infected with: Trojan.Vundo.EGG
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125248.dll
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125249.dll
Infected with: Trojan.Vundo.EGG
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125249.dll
Deleted
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125855.exe
Infected with: Trojan.MulDrop.PYY
C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP611\A0125855.exe
Deleted
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:19, on 06/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing)
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/bejeweled2/Oberongamesloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: yayxuvSK - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O24 - Desktop Component 0: (no name) - https://www.microsoft.com/fr-fr/windows
O24 - Desktop Component 1: (no name) - http://static.hugedomains.com/images/logo_huge_domains.gif
O24 - Desktop Component 2: (no name) - http://vcheck.emule-project.net/en/templates/Appalachia/images/cellpic3.gif
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_INTL_FRANCE/bejeweled2/Oberongamesloader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: yayxuvSK - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O24 - Desktop Component 0: (no name) - https://www.microsoft.com/fr-fr/windows
O24 - Desktop Component 1: (no name) - http://static.hugedomains.com/images/logo_huge_domains.gif
O24 - Desktop Component 2: (no name) - http://vcheck.emule-project.net/en/templates/Appalachia/images/cellpic3.gif
that seems to work
So what did this morning's reports show, once you read them?
There is something that bothers me nonetheless: the more viruses and other junk I remove,
the more of it there seems to be.
Am I dreaming or what?
Thanks for the replies.
@+ lili79
Hi
There are no more of them; your symptoms were "the tree that was hiding the forest"!
Quick check:
Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode
Open the SDFix folder that was just created on the Desktop and double-click RunThis.cmd to launch the script.
Press Y to start the cleaning process.
It will remove the services and registry entries of any trojans it finds, then ask you to press a key to reboot.
Press a key to reboot the PC.
Your system will take longer than usual to restart because the tool keeps running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum
++
here is, I hope, the last report:
SDFix: Version 1.180
Run by Gilles on 06/05/2008 at 19:26
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Gilles\Bureau\SDFIXF~1\SDFix
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files:
No Trojan Files Found
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 19:48:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 114
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
Remaining Files:
File Backups: - C:\DOCUME~1\Gilles\Bureau\SDFIXF~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 23 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Thu 23 Jun 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Thu 23 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Thu 23 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Thu 23 Jun 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Mon 1 Oct 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
Still, what guidelines should I follow so that I no longer get, and can avoid, all these troubles?
Thanks, and then some, for everything
@+ lili79
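The "Authorized Application Key Export" in the SDFix report above is the Windows XP SP2 firewall exception list, dumped in .reg syntax: each value reads `path:scope:Enabled|Disabled:name`, where a scope of `*` means the program is reachable from any remote address and `LocalSubNet` restricts the exception to the local subnet. As an added example that is not part of this thread, of SDFix or of any Microsoft tool, the following Python parses a subset of those lines (copied from the report; the constant names and the `FirewallException` class are the editor's own) and lists the exceptions that are open to any address, which is the least-privilege review a practitioner would do on such a dump:

```python
"""Review the Windows XP SP2 firewall exception list that SDFix dumps.

Added example, not code from the thread or from SDFix.  The export uses
.reg syntax: backslashes are doubled and each value is
    path:scope:Enabled|Disabled:name
where scope "*" = any remote address and "LocalSubNet" = local subnet only.
"""
from dataclasses import dataclass

# Constructed sample: a subset of the export posted in the thread.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
'''


@dataclass
class FirewallException:
    profile: str   # "standardprofile" or "domainprofile"
    path: str      # executable path, .reg escaping undone
    scope: str     # "*" (any address) or "LocalSubNet"
    enabled: bool
    name: str      # display name (or a resource reference such as @xpsp2res.dll,-22019)


def parse_authorized_apps(export_text):
    """Turn the .reg-style export into FirewallException records."""
    rules = []
    profile = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # The profile is the key component just before "authorizedapplications".
            parts = line[1:-1].lower().split("\\")
            if "authorizedapplications" in parts:
                profile = parts[parts.index("authorizedapplications") - 1]
            continue
        if not line.startswith('"') or '"="' not in line:
            continue
        value = line.split('"="', 1)[1].rstrip('"')
        value = value.replace("\\\\", "\\")  # undo .reg backslash doubling
        # The path itself contains "C:", so split from the right: the last
        # three fields are scope, mode and name.
        path, scope, mode, name = value.rsplit(":", 3)
        rules.append(FirewallException(profile, path, scope,
                                       mode.lower() == "enabled", name))
    return rules


def wide_open(rules):
    """Enabled exceptions reachable from any remote address (scope '*')."""
    return [r for r in rules if r.enabled and r.scope == "*"]


if __name__ == "__main__":
    parsed = parse_authorized_apps(SAMPLE_EXPORT)
    for r in wide_open(parsed):
        print(f"[{r.profile}] {r.name}: {r.path} is allowed from ANY address")
```

Entries scoped to `LocalSubNet` (the Acer eConsole programs) stay out of the list; anything a user does not recognise in the `*` list, or that has no reason to accept inbound connections at all, is a candidate for removal from the exception list rather than for blind trust.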
All's well that ends well.
A thousand thanks again to Greenday for his precious help, or rather his help, which is precious.
(I'm going to sign the manifesto)
@+lili79
Hi
Very good,
Run HijackThis again: choose "do a scan only", tick the box in front of the line(s) below and click "fix checked" at the bottom:
O20 - Winlogon Notify: yayxuvSK - C:\WINDOWS\
Then install an antivirus and a firewall!
See here for the security recommendations!
http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet
https://sebsauvage.net/safehex.html
@+
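Green day's reply above is a manual triage of the HijackThis log: the O20 Winlogon Notify entry that points at a bare `C:\WINDOWS\` rather than a DLL is the one to fix, while the `(no file)` / `(file missing)` entries are just orphans left behind by uninstalled software. As an added example (not part of the thread nor of HijackThis itself), the following Python applies those triage heuristics to lines copied from the log posted at the top of the thread. The severity labels, the regular expressions and the `Finding` class are the editor's own, and a finding is a prompt for a human to look, not proof that an entry is malicious:

```python
"""Triage heuristics for HijackThis 2.x log lines.

Added example, not code from the thread or from HijackThis.  Entry shape:
    <section> - <description> - <path or URL>
Heuristics (editor's own):
  fix     - O20 Winlogon Notify whose target is not a DLL (e.g. a bare directory)
  cleanup - any entry marked "(no file)" / "(file missing)": orphan, harmless
  review  - O16 ActiveX download with no friendly name; O10 LSP HijackThis
            could not identify (nwprovau.dll is Microsoft's NetWare provider,
            so that one is expected to be benign, it is still worth a look)
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: yayxuvSK - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

ORPHAN_MARKERS = ("(no file)", "(file missing)")
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
NAMED_O16_RE = re.compile(r"\([^)]*\) - ")   # "(Friendly Name) - http://..."


@dataclass
class Finding:
    section: str
    severity: str   # "fix", "cleanup" or "review"
    reason: str
    line: str


def parse_line(line):
    """Split one log line into (section, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def triage(log_text):
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, body = parsed
        target = body.rsplit(" - ", 1)[-1].strip()   # path/URL part of the entry
        if section == "O20" and body.startswith("Winlogon Notify:"):
            # A Winlogon Notify package is a DLL loaded into winlogon.exe;
            # a target that is not a DLL (here a bare directory) is a
            # leftover hook and exactly what the thread tells the user to fix.
            if not target.lower().endswith(".dll"):
                findings.append(Finding(section, "fix",
                                        "Winlogon Notify entry does not point to a DLL", raw))
        elif any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, "cleanup",
                                    "orphaned entry (referenced file is gone)", raw))
        elif section == "O16" and not NAMED_O16_RE.search(body):
            findings.append(Finding(section, "review",
                                    "unnamed ActiveX control (O16 DPF) from " + target, raw))
        elif section == "O10":
            findings.append(Finding(section, "review",
                                    "Winsock LSP not identified by HijackThis", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:8} {f.section:4} {f.reason}\n         {f.line}")
```

The point of the O20 rule is the shape of the entry, not the random-looking name: a notify package that winlogon.exe cannot even load is dead weight at best and a half-removed infection at worst, so it is fixed regardless of what the name is.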