PC infected by a trojan
jaheim -
sheva55 -
Hello,
Sorry to bother you, I have a trojan problem.
I read the other discussions on this topic, downloaded HijackThis, and here is the report.
Thank you in advance for your valuable help.
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:28:48, on 22/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\SystemErrorFixer\strpmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\z_Drivers\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\altcmd\altcmd32.dll
O2 - BHO: (no name) - {41491473-C2C1-459B-9D5B-9E28DEEAF2F6} - C:\WINDOWS\system32\cfgmgr3.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: 432591 helper - {CD897D22-9C44-411E-808A-B79C7F90DC7E} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [warn default inter for] C:\Documents and Settings\All Users\Application Data\Time Dead Warn Default\roam web.exe
O4 - HKLM\..\Run: [SystemErrorFixer] C:\Program Files\SystemErrorFixer\SysRep.exe
O4 - HKLM\..\Run: [cwriter] C:\Program Files\SystemErrorFixer\ucookw.exe
O4 - HKLM\..\Run: [BMN] "C:\Program Files\Fichiers communs\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Dvd Heart] C:\DOCUME~1\Admin\APPLIC~1\HOLDBI~1\team grey.exe
O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\z_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\z_Drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: .protected
O4 - Startup: findfast.exe
O4 - Global Startup: .protected
O4 - Global Startup: autorun.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\Admin\LOCALS~1\Temp\dnlsvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
7 replies
Hello,
Well, there's quite a crowd in there.
We'll sort all that out :)
#Download lopS&D.exe to your desktop (right-click the link > Save link target as)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
#Disable your antivirus just in case (you can re-enable it once the scan has finished)
#Double-click lopSD to start the installation
#Once installed, double-click Lop S&D
#Select the language by pressing the F key, then choose option 1 (Search)
#If lopSD asks you to restart, accept and wait for the scan to finish.
#Copy/paste the contents of the report, which is at the root of the hard drive: C:\lopR.txt
-----------------------------------------------------------------------------------------------------------------------------------------------------
*Download SmitFraudFix.exe to your desktop
*Double-click SmitfraudFix.exe
*Choose 1 and press ENTER
*A report is located at the root of the system drive: C:\rapport.txt
*Copy/paste it into your next reply.
Hello,
I did what you told me to do yesterday, and here are the two reports.
The first, Lop S&D:
-----------------------[ Lop S&D 4.2.1-7 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Admin ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 23/06/2008 | 15:49:08,46 ] [ PC : XPSP2-3394172EB ]
[ MAJ : 21-06-2008 | 15:15 ]
-------------[ Listing des dossiers dans Application Data ]------------
[08/09/2007|16:02] C:\DOCUME~1\Admin\APPLIC~1\Adobe
[08/09/2007|15:47] C:\DOCUME~1\Admin\APPLIC~1\Apple Computer
[17/02/2008|15:41] C:\DOCUME~1\Admin\APPLIC~1\AVS4YOU
[08/09/2007|17:17] C:\DOCUME~1\Admin\APPLIC~1\desktop.ini
[11/08/2007|19:25] C:\DOCUME~1\Admin\APPLIC~1\Google
[21/06/2008|21:23] C:\DOCUME~1\Admin\APPLIC~1\Holdbindeaf
[08/09/2007|15:29] C:\DOCUME~1\Admin\APPLIC~1\Identities
[12/08/2007|12:23] C:\DOCUME~1\Admin\APPLIC~1\InterTrust
[27/11/2007|21:39] C:\DOCUME~1\Admin\APPLIC~1\LimeWire
[04/02/2008|22:23] C:\DOCUME~1\Admin\APPLIC~1\Macromedia
[13/09/2007|18:11] C:\DOCUME~1\Admin\APPLIC~1\Media Player Classic
[27/09/2007|09:37] C:\DOCUME~1\Admin\APPLIC~1\Microsoft
[08/09/2007|16:31] C:\DOCUME~1\Admin\APPLIC~1\Mozilla
[09/09/2007|20:42] C:\DOCUME~1\Admin\APPLIC~1\Real
[11/08/2007|16:40] C:\DOCUME~1\Admin\APPLIC~1\Sun
[24/10/2005|13:06] C:\DOCUME~1\Admin\APPLIC~1\sysdefender.exe
[25/05/2008|15:52] C:\DOCUME~1\Admin\APPLIC~1\TaoUSign
[23/06/2008|15:42] C:\DOCUME~1\Admin\APPLIC~1\temp.dll
[23/05/2008|12:10] C:\DOCUME~1\Admin\APPLIC~1\uTorrent
[23/11/2007|00:57] C:\DOCUME~1\Admin\APPLIC~1\WinRAR
[08/09/2007|17:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[08/09/2007|15:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[09/03/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/09/2007|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[08/09/2007|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[17/02/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[08/09/2007|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[10/09/2007|13:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[20/06/2008|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[26/02/2008|19:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[08/09/2007|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[21/06/2008|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
[21/06/2008|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemErrorFixer
[23/06/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[21/06/2008|21:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Time Dead Warn Default
[22/03/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
[26/02/2008|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[26/02/2008|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[08/09/2007|17:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[08/09/2007|15:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[20/06/2008|14:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[08/09/2007|15:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[24/10/2005|19:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\printer.exe
[20/06/2008|14:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sun
[21/06/2008|12:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[20/06/2008|19:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[08/09/2007|15:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[27/10/2005|00:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\printer.exe
[21/06/2008|13:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Real
[21/06/2008|12:49] C:\DOCUME~1\NETWOR~1\APPLIC~1\Sun
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[23/06/2008 15:00][--ah-----] C:\WINDOWS\tasks\AFE27A0D9189EE29.job
[18/06/2008 16:38][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[23/06/2008 15:41][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[02/10/2001 18:16][-r-h-c---] C:\WINDOWS\tasks\desktop.ini
AFE27A0D9189EE29.job <--> c:\docume~1\admin\applic~1\holdbi~1\BagsArmyCdrom.exe
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[09/03/2008|10:58] C:\Program Files\Adobe
[23/06/2008|15:42] C:\Program Files\altcmd
[08/09/2007|16:01] C:\Program Files\Alwil Software
[21/06/2008|14:10] C:\Program Files\AntiSpywareExpert
[20/02/2008|16:27] C:\Program Files\Apple Software Update
[13/09/2007|17:51] C:\Program Files\ASUS
[08/09/2007|15:37] C:\Program Files\ATI Technologies
[17/02/2008|15:55] C:\Program Files\AVS4YOU
[26/05/2008|06:37] C:\Program Files\BitTorrent Fastest Tool
[13/09/2007|17:51] C:\Program Files\C-Media 3D Audio
[08/09/2007|15:22] C:\Program Files\ComPlus Applications
[14/05/2008|17:57] C:\Program Files\directx
[17/06/2008|21:53] C:\Program Files\eMule
[21/06/2008|21:21] C:\Program Files\Fichiers communs
[14/05/2008|18:03] C:\Program Files\GameShadow
[10/09/2007|15:32] C:\Program Files\Google
[21/06/2008|21:19] C:\Program Files\Holdbindeaf
[14/05/2008|17:56] C:\Program Files\InstallShield Installation Information
[17/12/2007|17:27] C:\Program Files\Internet Explorer
[26/02/2008|19:40] C:\Program Files\iPod
[08/09/2007|15:47] C:\Program Files\iTunes
[14/08/2007|13:11] C:\Program Files\iWin.com
[10/09/2007|13:33] C:\Program Files\Java
[08/09/2007|15:59] C:\Program Files\K-Lite Codec Pack
[20/06/2008|21:55] C:\Program Files\Lavasoft
[21/06/2008|14:52] C:\Program Files\L'EntraŒneur 2007
[14/05/2008|17:55] C:\Program Files\L'EntraŒneur 5
[27/11/2007|21:12] C:\Program Files\LimeWire
[14/09/2007|20:34] C:\Program Files\Maxis
[08/09/2007|15:26] C:\Program Files\microsoft frontpage
[08/09/2007|15:41] C:\Program Files\Microsoft Office
[08/09/2007|15:26] C:\Program Files\movie maker
[23/06/2008|15:45] C:\Program Files\Mozilla Firefox
[09/09/2007|15:34] C:\Program Files\MSBuild
[14/10/2007|17:59] C:\Program Files\MSN Games
[08/09/2007|15:26] C:\Program Files\msn gaming zone
[22/06/2008|09:46] C:\Program Files\Navilog1
[08/09/2007|15:24] C:\Program Files\NetMeeting
[08/09/2007|15:27] C:\Program Files\Outlook Express
[08/09/2007|15:47] C:\Program Files\QuickTime
[08/09/2007|15:59] C:\Program Files\Real Alternative
[09/09/2007|15:30] C:\Program Files\Reference Assemblies
[08/09/2007|15:24] C:\Program Files\Services en ligne
[20/06/2008|20:06] C:\Program Files\syscmd
[20/06/2008|21:38] C:\Program Files\SystemDefender
[21/06/2008|18:38] C:\Program Files\Trend Micro
[14/08/2007|13:11] C:\Program Files\Trymedia
[08/09/2007|15:29] C:\Program Files\Uninstall Information
[17/02/2008|18:42] C:\Program Files\uTorrent
[08/09/2007|15:31] C:\Program Files\VIA
[26/03/2008|00:14] C:\Program Files\Winamp
[22/03/2008|17:12] C:\Program Files\Winamp Toolbar
[26/02/2008|19:55] C:\Program Files\Windows Live
[18/11/2007|16:06] C:\Program Files\Windows Media Player
[08/09/2007|15:26] C:\Program Files\Windows NT
[08/09/2007|15:24] C:\Program Files\WindowsUpdate
[23/11/2007|00:39] C:\Program Files\WinRAR
[08/09/2007|15:26] C:\Program Files\xerox
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[09/03/2008|10:58] C:\Program Files\Fichiers communs\Adobe
[08/09/2007|15:46] C:\Program Files\Fichiers communs\Apple
[17/02/2008|15:55] C:\Program Files\Fichiers communs\AVSMedia
[08/09/2007|15:41] C:\Program Files\Fichiers communs\DESIGNER
[08/09/2007|15:35] C:\Program Files\Fichiers communs\InstallShield
[10/09/2007|13:31] C:\Program Files\Fichiers communs\Java
[26/02/2008|19:04] C:\Program Files\Fichiers communs\Microsoft Shared
[08/09/2007|15:24] C:\Program Files\Fichiers communs\MSSoap
[08/09/2007|17:17] C:\Program Files\Fichiers communs\ODBC
[08/09/2007|15:24] C:\Program Files\Fichiers communs\Services
[08/09/2007|17:17] C:\Program Files\Fichiers communs\SpeechEngines
[08/09/2007|15:23] C:\Program Files\Fichiers communs\System
[21/06/2008|21:21] C:\Program Files\Fichiers communs\SystemErrorFixer
[26/02/2008|18:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[20/06/2008|21:54] C:\Program Files\Fichiers communs\Wise Installation Wizard
---------------------------[ Process ]--------------------------
... 36
IEXPLORE.EXE ~ [316]
IEXPLORE.EXE ~ [420]
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\Admin\LOCALS~1\Temp\bis15.exe
C:\DOCUME~1\Admin\APPLIC~1\HOLDBI~1
C:\DOCUME~1\Admin\APPLIC~1\HOLDBI~1\BagsArmyCdrom.exe
C:\DOCUME~1\Admin\APPLIC~1\HOLDBI~1\kctociyd.exe
C:\DOCUME~1\Admin\APPLIC~1\HOLDBI~1\team grey.exe
C:\DOCUME~1\Admin\APPLIC~1\HOLDBI~1\uokxtcmw.exe
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Time Dead Warn Default
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Time Dead Warn Default\roam web.exe
C:\DOCUME~1\Admin\APPLIC~1\holdbi~1
C:\DOCUME~1\Admin\APPLIC~1\holdbi~1\BagsArmyCdrom.exe
C:\DOCUME~1\Admin\APPLIC~1\holdbi~1\kctociyd.exe
C:\DOCUME~1\Admin\APPLIC~1\holdbi~1\team grey.exe
C:\DOCUME~1\Admin\APPLIC~1\holdbi~1\uokxtcmw.exe
C:\Program Files\holdbi~1
C:\Program Files\BitTorrent Fastest Tool
C:\Program Files\BitTorrent Fastest Tool\3wPlayer-1.9.0.0-setup-0312.exe
C:\Program Files\BitTorrent Fastest Tool\BitP.exe
C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
C:\WINDOWS\Prefetch\BAGSARMYCDROM.EXE-2CBBE558.pf
C:\DOCUME~1\Admin\Cookies\admin@www.adserver5[1].txt
C:\DOCUME~1\Admin\Cookies\admin@adultfriendfinder[2].txt
C:\DOCUME~1\Admin\Cookies\admin@adin.bigpoint[1].txt
C:\DOCUME~1\Admin\Cookies\admin@bigpoint[2].txt
C:\DOCUME~1\Admin\Cookies\admin@fr1.darkorbit.bigpoint[2].txt
C:\DOCUME~1\Admin\Cookies\admin@fr1.seafight.bigpoint[2].txt
C:\DOCUME~1\Admin\Cookies\admin@banner.casinoking[2].txt
C:\DOCUME~1\Admin\Cookies\admin@casinoking[1].txt
C:\DOCUME~1\Admin\Cookies\admin@banner.cotedazurpalace[2].txt
C:\DOCUME~1\Admin\Cookies\admin@banner.cotedazurpalace[3].txt
C:\DOCUME~1\Admin\Cookies\admin@cotedazurpalace[2].txt
C:\DOCUME~1\Admin\Cookies\admin@adopt.euroclick[2].txt
C:\DOCUME~1\Admin\Cookies\admin@pacificpoker[1].txt
C:\DOCUME~1\Admin\Cookies\admin@partypoker[1].txt
C:\DOCUME~1\Admin\Cookies\admin@fr1.seafight.bigpoint[2].txt
C:\DOCUME~1\Admin\Cookies\admin@32vegas[1].txt
C:\DOCUME~1\Admin\Cookies\admin@banner.32vegas[2].txt
C:\DOCUME~1\Admin\Cookies\admin@banner.32vegas[3].txt
C:\DOCUME~1\Admin\Cookies\admin@www.vegasaffiliates[1].txt
C:\DOCUME~1\Admin\Cookies\admin@www.2xmoinscher[1].txt
C:\DOCUME~1\Admin\Cookies\admin@www.2xmoinscher[2].txt
C:\DOCUME~1\Admin\Cookies\admin@gonzovids[2].txt
C:\DOCUME~1\Admin\Cookies\admin@megasitio[1].txt
C:\DOCUME~1\Admin\Cookies\admin@www.be2[1].txt
C:\DOCUME~1\Admin\Cookies\admin@st[41].txt
C:\DOCUME~1\Admin\Cookies\admin@888[1].txt
C:\DOCUME~1\Admin\Cookies\admin@888[2].txt
C:\WINDOWS\Tasks\AFE27A0D9189EE29.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CopyWaveMeal]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Admin\\APPLIC~1\\HOLDBI~1\\team grey.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dvd Heart"="C:\\DOCUME~1\\Admin\\APPLIC~1\\HOLDBI~1\\team grey.exe"
"Dvd Heart"="C:\\DOCUME~1\\Admin\\APPLIC~1\\HOLDBI~1\\team grey.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"warn default inter for"="C:\\Documents and Settings\\All Users\\Application Data\\Time Dead Warn Default\\roam web.exe"
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 15:56:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
=> C:\Documents and Settings\Admin\Cookies\admin@inthecrack[1].txt
[F:3831][D:69]-> C:\DOCUME~1\Admin\LOCALS~1\Temp
[F:3833][D:0]-> C:\DOCUME~1\Admin\Cookies
[F:105][D:5]-> C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 15:57:36,17 ]----------------------
And the second, SmitFraudFix:
SmitFraudFix v2.328
Rapport fait à 15:46:44,00, 23/06/2008
Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\SystemErrorFixer\strpmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
10.18.250.4 download.microsoft.com
10.18.250.4 downloads.microsoft.com
10.18.250.4 go.microsoft.com
10.18.250.4 microsoft.com
10.18.250.4 msdn.microsoft.com
10.18.250.4 office.microsoft.com
10.18.250.4 support.microsoft.com
10.18.250.4 windowsupdate.microsoft.com
10.18.250.4 www.microsoft.com
10.18.250.4 pandasoftware.com
10.18.250.4 www.pandasoftware.com
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\.protected PRESENT !
C:\WINDOWS\shell.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\printer.exe PRESENT !
C:\WINDOWS\system32\spoolvs.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\Admin\MENUDM~1\PROGRA~1\DMARRA~1\.protected PRESENT !
C:\DOCUME~1\Admin\MENUDM~1\PROGRA~1\DMARRA~1\findfast.exe PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\.protected PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\autorun.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
[!] Suspicious: altcmd32.dll
BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432}
TypeLib: {A8954909-1F0F-41A5-A7FA-3B376D69E226}
Interface: {967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
Interface: {9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
VersionIndependentProgID: MsVCL1.BhoApp
ProgID: MsVCL1.BhoApp.1
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\wowfx.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 89.2.0.1
DNS Server Search Order: 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
There you go, thank you very much
I would like to ask you how to solve problems using the reports
*I don't understand anything in the report
You have to learn to analyze them.
Jaheim:
*Run LopS&D again
*Choose option 2
*Copy/paste the report
----------------------------------------------------------------------------------------------------------------------------------
*Restart in safe mode
https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/
*Run SmitfraudFix again,
*Choose 2, and press Enter
*Type O (oui, yes) at the question: do you want to clean the registry?
*Type O (oui, yes) at the question: fix the infected file?
*A restart may be needed to finish the cleaning procedure (SmitfraudFix will tell you if so).
*A report will be at the root of your hard drive under the name C:\rapport.txt
*Copy/paste it into your next reply.
re
There, I did everything you asked me to and here are the reports
SmitFraudFix v2.328
Rapport fait à 17:07:10,84, 23/06/2008
Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
and here is the second one
-----------------------[ Lop S&D 4.2.1-7 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Admin ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 23/06/2008 | 16:29:48,26 ] [ PC : XPSP2-3394172EB ]
[ MAJ : 21-06-2008 | 15:15 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Time Dead Warn Default\roam web.exe
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\holdbi~1\BagsArmyCdrom.exe
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\holdbi~1\kctociyd.exe
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\holdbi~1\team grey.exe
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\holdbi~1\uokxtcmw.exe
Supprime! - C:\Program Files\BitTorrent Fastest Tool\3wPlayer-1.9.0.0-setup-0312.exe
Supprime! - C:\Program Files\BitTorrent Fastest Tool\BitP.exe
Supprime! - C:\Program Files\BitTorrent Fastest Tool\INSTALL.LOG
Supprime! - C:\WINDOWS\Prefetch\BAGSARMYCDROM.EXE-2CBBE558.pf
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@www.adserver5[1].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@adultfriendfinder[2].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@adin.bigpoint[1].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@bigpoint[2].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@fr1.darkorbit.bigpoint[2].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@fr1.seafight.bigpoint[2].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@banner.casinoking[2].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@casinoking[1].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@banner.cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@banner.cotedazurpalace[3].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@pacificpoker[1].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@partypoker[1].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@banner.32vegas[2].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@banner.32vegas[3].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@www.vegasaffiliates[1].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@www.2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@www.2xmoinscher[2].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@gonzovids[2].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@megasitio[1].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@www.be2[1].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@st[41].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@888[1].txt
Supprime! - C:\DOCUME~1\Admin\Cookies\admin@888[2].txt
Supprime! - C:\WINDOWS\Tasks\AFE27A0D9189EE29.job
Supprime! - C:\DOCUME~1\Admin\LOCALS~1\Temp\bis15.exe
Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Time Dead Warn Default
Supprime! - C:\DOCUME~1\Admin\APPLIC~1\holdbi~1
Supprime! - C:\Program Files\holdbi~1
Supprime! - C:\Program Files\BitTorrent Fastest Tool
\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Time Dead Warn Default\roam web.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Time Dead Warn Default
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans APPLIC~1 ]------------
[08/09/2007|16:02] C:\DOCUME~1\Admin\APPLIC~1\Adobe
[08/09/2007|15:47] C:\DOCUME~1\Admin\APPLIC~1\Apple Computer
[17/02/2008|15:41] C:\DOCUME~1\Admin\APPLIC~1\AVS4YOU
[08/09/2007|17:17] C:\DOCUME~1\Admin\APPLIC~1\desktop.ini
[11/08/2007|19:25] C:\DOCUME~1\Admin\APPLIC~1\Google
[08/09/2007|15:29] C:\DOCUME~1\Admin\APPLIC~1\Identities
[12/08/2007|12:23] C:\DOCUME~1\Admin\APPLIC~1\InterTrust
[27/11/2007|21:39] C:\DOCUME~1\Admin\APPLIC~1\LimeWire
[04/02/2008|22:23] C:\DOCUME~1\Admin\APPLIC~1\Macromedia
[13/09/2007|18:11] C:\DOCUME~1\Admin\APPLIC~1\Media Player Classic
[27/09/2007|09:37] C:\DOCUME~1\Admin\APPLIC~1\Microsoft
[08/09/2007|16:31] C:\DOCUME~1\Admin\APPLIC~1\Mozilla
[09/09/2007|20:42] C:\DOCUME~1\Admin\APPLIC~1\Real
[11/08/2007|16:40] C:\DOCUME~1\Admin\APPLIC~1\Sun
[24/10/2005|13:06] C:\DOCUME~1\Admin\APPLIC~1\sysdefender.exe
[25/05/2008|15:52] C:\DOCUME~1\Admin\APPLIC~1\TaoUSign
[23/06/2008|16:26] C:\DOCUME~1\Admin\APPLIC~1\temp.dll
[23/06/2008|15:55] C:\DOCUME~1\Admin\APPLIC~1\ultra
[23/05/2008|12:10] C:\DOCUME~1\Admin\APPLIC~1\uTorrent
[23/11/2007|00:57] C:\DOCUME~1\Admin\APPLIC~1\WinRAR
[08/09/2007|17:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[08/09/2007|15:26] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[09/03/2008|10:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/09/2007|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[08/09/2007|15:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[17/02/2008|15:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[08/09/2007|17:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[10/09/2007|13:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[20/06/2008|21:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[26/02/2008|19:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[08/09/2007|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[21/06/2008|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon
[21/06/2008|21:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SystemErrorFixer
[23/06/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22/03/2008|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Winamp Toolbar
[26/02/2008|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[26/02/2008|19:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[08/09/2007|17:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[08/09/2007|15:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[20/06/2008|14:11] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[08/09/2007|15:26] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[24/10/2005|19:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\printer.exe
[20/06/2008|14:12] C:\DOCUME~1\LOCALS~1\APPLIC~1\Sun
[21/06/2008|12:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
[20/06/2008|19:04] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[08/09/2007|15:26] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[27/10/2005|00:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\printer.exe
[21/06/2008|13:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Real
[21/06/2008|12:49] C:\DOCUME~1\NETWOR~1\APPLIC~1\Sun
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[18/06/2008 16:38][--a--c---] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[23/06/2008 15:41][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[02/10/2001 18:16][-r-h-c---] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[09/03/2008|10:58] C:\Program Files\Adobe
[23/06/2008|16:26] C:\Program Files\altcmd
[08/09/2007|16:01] C:\Program Files\Alwil Software
[21/06/2008|14:10] C:\Program Files\AntiSpywareExpert
[20/02/2008|16:27] C:\Program Files\Apple Software Update
[13/09/2007|17:51] C:\Program Files\ASUS
[08/09/2007|15:37] C:\Program Files\ATI Technologies
[17/02/2008|15:55] C:\Program Files\AVS4YOU
[13/09/2007|17:51] C:\Program Files\C-Media 3D Audio
[08/09/2007|15:22] C:\Program Files\ComPlus Applications
[14/05/2008|17:57] C:\Program Files\directx
[17/06/2008|21:53] C:\Program Files\eMule
[21/06/2008|21:21] C:\Program Files\Fichiers communs
[14/05/2008|18:03] C:\Program Files\GameShadow
[10/09/2007|15:32] C:\Program Files\Google
[14/05/2008|17:56] C:\Program Files\InstallShield Installation Information
[17/12/2007|17:27] C:\Program Files\Internet Explorer
[26/02/2008|19:40] C:\Program Files\iPod
[08/09/2007|15:47] C:\Program Files\iTunes
[14/08/2007|13:11] C:\Program Files\iWin.com
[10/09/2007|13:33] C:\Program Files\Java
[08/09/2007|15:59] C:\Program Files\K-Lite Codec Pack
[20/06/2008|21:55] C:\Program Files\Lavasoft
[21/06/2008|14:52] C:\Program Files\L'EntraŒneur 2007
[14/05/2008|17:55] C:\Program Files\L'EntraŒneur 5
[27/11/2007|21:12] C:\Program Files\LimeWire
[14/09/2007|20:34] C:\Program Files\Maxis
[08/09/2007|15:26] C:\Program Files\microsoft frontpage
[08/09/2007|15:41] C:\Program Files\Microsoft Office
[08/09/2007|15:26] C:\Program Files\movie maker
[23/06/2008|15:53] C:\Program Files\Mozilla Firefox
[09/09/2007|15:34] C:\Program Files\MSBuild
[14/10/2007|17:59] C:\Program Files\MSN Games
[08/09/2007|15:26] C:\Program Files\msn gaming zone
[22/06/2008|09:46] C:\Program Files\Navilog1
[08/09/2007|15:24] C:\Program Files\NetMeeting
[08/09/2007|15:27] C:\Program Files\Outlook Express
[08/09/2007|15:47] C:\Program Files\QuickTime
[08/09/2007|15:59] C:\Program Files\Real Alternative
[09/09/2007|15:30] C:\Program Files\Reference Assemblies
[08/09/2007|15:24] C:\Program Files\Services en ligne
[20/06/2008|20:06] C:\Program Files\syscmd
[20/06/2008|21:38] C:\Program Files\SystemDefender
[21/06/2008|18:38] C:\Program Files\Trend Micro
[14/08/2007|13:11] C:\Program Files\Trymedia
[08/09/2007|15:29] C:\Program Files\Uninstall Information
[17/02/2008|18:42] C:\Program Files\uTorrent
[08/09/2007|15:31] C:\Program Files\VIA
[26/03/2008|00:14] C:\Program Files\Winamp
[22/03/2008|17:12] C:\Program Files\Winamp Toolbar
[26/02/2008|19:55] C:\Program Files\Windows Live
[18/11/2007|16:06] C:\Program Files\Windows Media Player
[08/09/2007|15:26] C:\Program Files\Windows NT
[08/09/2007|15:24] C:\Program Files\WindowsUpdate
[23/11/2007|00:39] C:\Program Files\WinRAR
[08/09/2007|15:26] C:\Program Files\xerox
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[09/03/2008|10:58] C:\Program Files\Fichiers communs\Adobe
[08/09/2007|15:46] C:\Program Files\Fichiers communs\Apple
[17/02/2008|15:55] C:\Program Files\Fichiers communs\AVSMedia
[08/09/2007|15:41] C:\Program Files\Fichiers communs\DESIGNER
[08/09/2007|15:35] C:\Program Files\Fichiers communs\InstallShield
[10/09/2007|13:31] C:\Program Files\Fichiers communs\Java
[26/02/2008|19:04] C:\Program Files\Fichiers communs\Microsoft Shared
[08/09/2007|15:24] C:\Program Files\Fichiers communs\MSSoap
[08/09/2007|17:17] C:\Program Files\Fichiers communs\ODBC
[08/09/2007|15:24] C:\Program Files\Fichiers communs\Services
[08/09/2007|17:17] C:\Program Files\Fichiers communs\SpeechEngines
[08/09/2007|15:23] C:\Program Files\Fichiers communs\System
[21/06/2008|21:21] C:\Program Files\Fichiers communs\SystemErrorFixer
[26/02/2008|18:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[20/06/2008|21:54] C:\Program Files\Fichiers communs\Wise Installation Wizard
---------------------------[ Process ]--------------------------
... 31
... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\Admin\Cookies\admin@adopt.euroclick[1].txt
C:\DOCUME~1\Admin\Cookies\admin@32vegas[2].txt
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 16:35:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
=> C:\Documents and Settings\Admin\Cookies\admin@inthecrack[1].txt
[F:3830][D:69]-> C:\DOCUME~1\Admin\LOCALS~1\Temp
[F:3812][D:0]-> C:\DOCUME~1\Admin\Cookies
[F:180][D:5]-> C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 16:37:10,68 ]----------------------
Thanks again
There, I've done everything you asked me to, and here are the reports:
SmitFraudFix v2.328
Rapport fait à 17:07:10,84, 23/06/2008
Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D8A004F7-7530-4EAF-865D-36748B5B903F}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
We're making progress little by little.
Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
C:\DOCUME~1\Admin\APPLIC~1\temp.dll
C:\Documents and Settings\Admin\Cookies\admin@inthecrack[1].txt
C:\DOCUME~1\Admin\Cookies\admin@adopt.euroclick[1].txt
C:\DOCUME~1\Admin\Cookies\admin@32vegas[2].txt
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles. Example: (01282008_131348.log)
You may be asked to restart the PC to complete the removal.
If so, accept with Yes.
Then,
Go to this site: https://www.virustotal.com/gui/
Click Browse and look for this file:
C:\DOCUME~1\LOCALS~1\APPLIC~1\printer.exe
Click Send file
A report will be generated (this can take several minutes).
Post the report.
That's kind of you.
I'll do everything you told me and I'll keep you posted.
Thanks a lot, you're very quick in any case.