Sujet Précédent Sujet Suivant

Probleme virus HostIE.dll et HostOE.dll

Résolu
The_LizarD -  
The_LizarD Messages postés 16 Statut Membre -
Bonjour,

Apres avoir fait une analyse minutieuse de mon PC grace à avast, j'obtiens ça:
[URL=https://imageshack.com/][IMG]http://img513.imageshack.us/img513/3643/virusshv9.png[/IMG][/URL]
[URL=http://g.imageshack.us/g.php?h=513&i=virusshv9.png][IMG]http://img513.imageshack.us/img513/3643/virusshv9.242464fc01.jpg[/IMG][/URL]
J'ai quelques virus que je ne n'arrive pas à supprimer. J'ai installé kaspersky a la place de avast car on me l'a conseillé et j'ai refait une analyse, je trouve également des virus comme ça (cheval de troie...etc) Quelqu'un aurait-il une solution svp? Mon PC se bloque également au démarrage, mais sans messages d'erreurs, je pense que ça vient de ces virus.
Voici mon rapport par Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14:49, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Hercules\DualPix Exchange\CamService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\TeamSpeak 3\TeamSpeak 3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Mehdi\Mes documents\Fichiers téléchargés\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\DualPix Exchange\CamService.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"
O4 - HKCU\..\Run: [ocqqyiemp] c:\documents and settings\mehdi\local settings\application data\ocqqyiemp.exe ocqqyiemp
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
A voir également:

19 réponses

Réponse 1 / 19
meuhlol Messages postés 2032 Date d'inscription   Statut Membre Dernière intervention   674
 
essayes SDFix
0
Réponse 2 / 19
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt
désactive kaspersky puis

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Télécharger sur le bureau
Navilog.zip
= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1

un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message.
0
Réponse 3 / 19
The_LizarD Messages postés 16 Statut Membre
 
Euh, j'ai pas d'options, Quand j'appuis sur une touche pour continuer, je tombe sur un menu ou il y a
1 - Recherche
2- desafection automatique
3 - desafection automatique sans prise de charge resultats Catchme/GNS
4- desafection manuelle par saisie nom Adware
5 - Quitter

Je fais quoi ?
0
meuhlol Messages postés 2032 Date d'inscription   Statut Membre Dernière intervention   674
 
ce sont les options, appuis sur 1 et puis entrée.
et pour SDFix, le lien que je t'ai donné, t'explique tout :)
0
Réponse 4 / 19
The_LizarD Messages postés 16 Statut Membre
 
Voici le rapport fixnavi:

Search Navipromo version 3.6.5 commencé le 28/08/2008 à 13:32:02,34

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Mehdi"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Mehdi\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\MARIEN~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\MARIEN~2\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Myriam\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Mehdi\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\MARIEN~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\MARIEN~2\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Myriam\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Mehdi\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\MARIEN~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\MARIEN~2\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\Myriam\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Mehdi\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\MARIEN~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\MARIEN~2\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Myriam\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\Mehdi\locals~1\applic~1" :

ocqqyiemp.dat trouvé !
ocqqyiemp_nav.dat trouvé !
ocqqyiemp_navps.dat trouvé !

* Dans "C:\DOCUME~1\MARIEN~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\MARIEN~2\locals~1\applic~1" :

* Dans "C:\DOCUME~1\Myriam\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 28/08/2008 à 13:38:31,09 ***

Je vais essayer SDFix.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok relance navilog , choisi l'option 2 et colles le rapport ainsi qu'un nouvel hijakhtis et dis tes soucis actuels

_________________
0
Réponse 6 / 19
The_LizarD Messages postés 16 Statut Membre
 
J'ai fais toutes les taches de SDFix.
Voici le rapport navilog:

Clean Navipromo version 3.6.5 commencé le 28/08/2008 à 13:58:44,70

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Mehdi"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\Mehdi\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\MARIEN~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\MARIEN~2\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\Myriam\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Mehdi\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIEN~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIEN~2\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Myriam\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Mehdi\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIEN~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIEN~2\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Myriam\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\Mehdi\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIEN~1\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\MARIEN~2\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\Myriam\menudm~1\progra~1" ***

*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Mehdi\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

* Dans "C:\Documents and Settings\Mehdi\locals~1\applic~1" *

ocqqyiemp.dat trouvé !
Copie ocqqyiemp.dat réalisée avec succès !
ocqqyiemp.dat supprimé !

ocqqyiemp_nav.dat trouvé !
Copie ocqqyiemp_nav.dat réalisée avec succès !
ocqqyiemp_nav.dat supprimé !

ocqqyiemp_navps.dat trouvé !
Copie ocqqyiemp_navps.dat réalisée avec succès !
ocqqyiemp_navps.dat supprimé !

* Dans "C:\DOCUME~1\MARIEN~1\locals~1\applic~1" *

* Dans "C:\DOCUME~1\MARIEN~2\locals~1\applic~1" *

* Dans "C:\DOCUME~1\Myriam\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 28/08/2008 à 14:05:37,79 ***

ET voici le hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:57, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Hercules\DualPix Exchange\CamService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mehdi\Mes documents\Fichiers téléchargés\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\DualPix Exchange\CamService.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /M "Stylus CX6600" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
0
meuhlol Messages postés 2032 Date d'inscription   Statut Membre Dernière intervention   674
 
et le rapport de SDFix?
Il est dans C:\SDFix\Report.txt
0
Réponse 7 / 19
The_LizarD Messages postés 16 Statut Membre
 
Le voila, apparemment, j'avais un certain nombre de trojans lol:

[b]SDFix: Version 1.219 [/b]
Run by Mehdi on 28/08/2008 at 13:46

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp1.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp2.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp3.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp4.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp5.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp6.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp7.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp8.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp9.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpA.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpB.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpC.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpD.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpE.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpF.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp1.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp10.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp11.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp12.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp13.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp14.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp15.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp16.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp17.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp18.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp19.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp1A.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp1B.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp1C.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp1D.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp1E.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp1F.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp2.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp20.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp21.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp22.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp23.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp24.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp25.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp26.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp27.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp28.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp29.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp2A.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp2B.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp2C.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp2D.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp2E.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp2F.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp3.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp30.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp31.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp32.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp33.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp34.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp35.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp36.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp37.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp38.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp39.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp3A.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp3B.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp3C.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp3D.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp3E.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp3F.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp4.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp40.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp41.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp42.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp43.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp44.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp45.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp46.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp47.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp48.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp49.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp4A.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp4B.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp4C.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp4D.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp4E.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp4F.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp5.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp50.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp51.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp52.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp53.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp54.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp55.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp56.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp57.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp59.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp6.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp61.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp6E.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp7.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp71.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp72.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp75.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp77.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp8.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp84.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp9.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp92.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp95.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp96.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp99.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp9E.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmp9F.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpA.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpA0.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpA1.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpA2.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpA3.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpA4.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpA8.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpA9.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpAA.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpAB.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpAC.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpAD.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpB.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpB6.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpB7.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpB9.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpC.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpC4.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpCE.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpD.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpDF.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpE.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpE2.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpE9.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpEE.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpEF.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpF.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpF0.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpF1.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpF3.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpF4.tmp - Deleted
C:\DOCUME~1\Mehdi\LOCALS~1\Temp\tmpF7.tmp - Deleted

Folder C:\Documents and Settings\Mehdi\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#w*w.redtube.com - Removed

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 13:55:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
"khjeh"=hex:20,02,00,00,31,8f,a8,2d,91,8a,34,92,60,47,c0,61,03,d5,a3,c0,fa,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Liquid Entertainment\\Battle Realms\\Battle_Realms_F.exe"="C:\\Program Files\\Liquid Entertainment\\Battle Realms\\Battle_Realms_F.exe:*:Enabled:Battle_Realms_F"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Disabled:NAVBrowser"
"C:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe"="C:\\Program Files\\Hercules\\DualPix Exchange\\Station2.exe:*:Enabled:Hercules Webcam Station Evolution SE"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Mehdi\\Mes documents\\Fichiers t‚l‚charg‚s\\wow.exe"="C:\\Documents and Settings\\Mehdi\\Mes documents\\Fichiers t‚l‚charg‚s\\wow.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Documents and Settings\\Mehdi\\Bureau\\Jedi Academy\\jamp.exe"="C:\\Documents and Settings\\Mehdi\\Bureau\\Jedi Academy\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\TchecMeet\\Tchecmeet.exe"="C:\\Program Files\\TchecMeet\\Tchecmeet.exe:*:Enabled:Tchecmeet"
"C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jampDed.exe"="C:\\Program Files\\LucasArts\\Star Wars Jedi Knight Jedi Academy\\GameData\\jampDed.exe:*:Enabled:Jedi Academy MP Dedicated Server"
"C:\\Program Files\\LucasArts v1.01\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Program Files\\LucasArts v1.01\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Program Files\\LucasArts v1.01\\Star Wars Jedi Knight Jedi Academy\\GameData\\jampDed.exe"="C:\\Program Files\\LucasArts v1.01\\Star Wars Jedi Knight Jedi Academy\\GameData\\jampDed.exe:*:Enabled:Jedi Academy MP Dedicated Server"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\TribalWeb\\tribalweb.exe"="C:\\Program Files\\TribalWeb\\tribalweb.exe:*:Enabled:tribalweb"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\LucasArts 1.01\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Program Files\\LucasArts 1.01\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Program Files\\LucasArts Ja+\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Program Files\\LucasArts Ja+\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Documents and Settings\\Mehdi\\Bureau\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"="C:\\Documents and Settings\\Mehdi\\Bureau\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Wippien\\Wippien.exe"="C:\\Program Files\\Wippien\\Wippien.exe:*:Enabled:Wippien"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Sun 2 Mar 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Sat 22 Nov 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT2.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\71fa8e4b1f1c72b0e3a5d30a0a049f55\BIT3.tmp"

[b]Finished![/b]
0
meuhlol Messages postés 2032 Date d'inscription   Statut Membre Dernière intervention   674
 
lol, pas mal la liste :D
alors, toujours des problèmes?
0
Réponse 8 / 19
The_LizarD Messages postés 16 Statut Membre
 
Nan, l'ordi a redémarrer sans problèmes, merci beaucoup les gars !
Je vais faire un point de restauration !
0
meuhlol Messages postés 2032 Date d'inscription   Statut Membre Dernière intervention   674
 
de rien =) t'es bienvenue =)

p.s. édites ton 1er post pour le mettre en statut "résolu" stp :)
0
Réponse 9 / 19
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
mets a jour internet explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

______

scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­
0
Réponse 10 / 19
The_LizarD Messages postés 16 Statut Membre
 
Bon, en faite mon ordi continuer a ne plus fonctionner au démarrage.
Quand j'allume ma tour puis mon écran, je vois le petit sigle du début "intel inside pentium 4" puis l'ordi se bloque. Ce n'est qu'après avoir coupé l'alimentation de la multi prise de l'ordinateur et en appuyant sur f5 + f8 que l'ordi refonctionne mais fait un bruit bizarre....Mon ordi a toujours fait du bruit de toute façons...le ventilateur est beaucoup trop bruyant mais la c'est un bruit de l'intérieur.

Je vais essayer ce que tu m'a dis au dernier poste jplpl.
0
Réponse 11 / 19
The_LizarD Messages postés 16 Statut Membre
 
Ok, voici le rapport.
Ya des trucs de shopping, je comprends pas, j'ai jamais fait de shopping sur internet...lol.

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1101
Windows 5.1.2600 Service Pack 2

10:39:10 31/08/2008
mbam-log-08-31-2008 (10-39-06).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 139262
Temps écoulé: 1 hour(s), 46 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> No action taken.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\Mehdi\Mes documents\Fichiers téléchargés\Setup(2).exe (Adware.Seekmo) -> No action taken.
C:\System Volume Information\_restore{0B5DBE85-4314-4738-B27C-62105CE99313}\RP284\A0052588.dll (Adware.Shopper) -> No action taken.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.
C:\Documents and Settings\Mehdi\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.
0
Réponse 12 / 19
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr
0
Réponse 13 / 19
The_LizarD Messages postés 16 Statut Membre
 
Mais j'ai deja mis celui avec malware la, a quoi ça sert d'en remettre avec d'autres logiciels...
0
Réponse 14 / 19
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
malwarebyte est specialisé dans les logiels espion
les scan en lignes dans les virus ce n'est pas pareil ils sont complementaires
0
Réponse 15 / 19
The_LizarD Messages postés 16 Statut Membre
 
Ok mais ça marche comment ces sites, j'arrive dessus, il me demande de m'inscrire et tout....Ou dois-je cliker pour faire le scan?
0
Réponse 16 / 19
The_LizarD Messages postés 16 Statut Membre
 
Ok, je me suis inscris, je fais le scan la, je metterai le rapport prochainement.

PS: dsl, je sais pas comment on edite les messages ici.
0
Réponse 17 / 19
The_LizarD Messages postés 16 Statut Membre
 
Voila le rapport panda.
et je peux pas faire l'autre.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-31 22:23:21
PROTECTIONS: 1
MALWARE: 25
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 8.0.0.454 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Mehdi\Cookies\mehdi@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Mehdi\Cookies\mehdi@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{0B5DBE85-4314-4738-B27C-62105CE99313}\RP372\A0071792.exe
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Mehdi\Mes documents\Fichiers téléchargés\SDFix.exe[C:\Documents and Settings\Mehdi\Mes documents\Fichiers t├⌐l├⌐charg├⌐s\SDFix.exe][SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Navilog1\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.tradedoubler.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.tradedoubler.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@fastclick[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@mediaplex[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Mehdi\Cookies\mehdi@xiti[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mehdi\Cookies\mehdi@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Mehdi\Cookies\mehdi@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@weborama[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.adtech.de/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@adtech[1].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[fl01.ct2.comclick.com/]
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@fl01.ct2.comclick[2].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[fl01.ct2.comclick.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@advertising[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Mehdi\Cookies\mehdi@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@ads.pointroll[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.overture.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.bluestreak.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Mehdi\Cookies\mehdi@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.adrevolver.com/]
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.adviva.net/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@smartadserver[2].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noelle\Application Data\Mozilla\Firefox\Profiles\i503rohv.default\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@smartadserver[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Noel\Cookies\marie noel@ads.addynamix[1].txt
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Myriam\Cookies\myriam@adserver.easyad[1].txt
03522165 Adware/Zango Adware No 0 Yes No C:\System Volume Information\_restore{0B5DBE85-4314-4738-B27C-62105CE99313}\RP270\A0050314.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location 5
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 5
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
Réponse 18 / 19
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok c'est bon

pour virer ce que l'on a utilisé:

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.

____________________________

désactive la restauration système pour purger les virus qui seraient dedans puis redemarre ton ordi puis réactive là :

https://www.informatruc.com

___________________________

voilà bonne suite

pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

AVAST en français ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/
0
Réponse 19 / 19
The_LizarD Messages postés 16 Statut Membre
 
Ok merci bien.
J'ai purgé la restauration.
Je naviguais déjà avec firefox et j'ai deja un bon antivirus, Kaspersky.
Merci encore pour tout.
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses