Malware help please

jerdu95 Posts: 12 Status: Member -  
totobetourne Posts: 5677 Status: Member -
Hello,

Following problems with a piece of software that got into my computer while I was installing Fraps 2.9, and which I cannot manage to resolve, I would like some help please:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:24, on 15/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\jerdu95.PC-de-fee\AppData\Roaming\Adobe\Player.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\cmd.exe
C:\Users\JERDU9~1.PC-\AppData\Local\Temp\pwrmgr.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\ProgramData\cfgdschlp\cpwxizut.exe
C:\ProgramData\hsjcfqtq\zqzwjapy.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\ProgramData\cfgdschlp\cpwxizut.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: QXK Olive - {4522268D-C6BF-40F3-86A4-BB60AD2AE473} - C:\Windows\grfxbanoxvd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {20D5F8AF-9FC4-494A-BF76-297EC26B4F06} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_S41AC.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Player] C:\Users\jerdu95.PC-de-fee\AppData\Roaming\Adobe\Player.exe
O4 - HKCU\..\Run: [brastk] C:\Windows\system32\brastk.exe
O4 - HKCU\..\Run: [cfgdschlp] C:\ProgramData\cfgdschlp\cpwxizut.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JERDU9~1.PC-\AppData\Local\Temp\jkkJcyXo.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JERDU9~1.PC-\AppData\Local\Temp\efcYOigh.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1215386422720&h=1f9ac5385cd7621f5bb819efaccb0228/&filename=jinstall-6u6-windows-i586-jc.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: ngwstxfd - {0D4EA57B-BCB2-4095-AC0A-127C31EE17EB} - C:\Windows\ngwstxfd.dll
O21 - SSODL: qrbgltos - {F3F1B8DC-FD17-4C81-A946-A3470F281D84} - C:\Windows\qrbgltos.dll (file missing)
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
12 replies

E..T Posts: 6565 Status: Contributor 428
 
Hello,

Do the same thing again, but this time choose option 2.
Let the PC work.
Once the cleaning is finished, a new search will be run and a report
will open automatically in Notepad.
Copy and paste the contents of that report on the forum.

Then post a new HijackThis report.
@+
1
jerdu95 Posts: 12 Status: Member
 
http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.rar

Dead link.
1
jerdu95
 
--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : jerdu95 ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 292 Go Free : 50 Go
D:\ (Local Disk) - NTFS - Total : 5 Go Free : 5 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB) - FAT - Total : 124 Mo Free : 0 Go
J:\ (USB)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 16/10/2008|10:44 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[08/09/2008|01:29] C:\Users\JERDU9~1.PC-\AppData\Local\Adobe
[01/07/2008|00:09] C:\Users\JERDU9~1.PC-\AppData\Local\Application Data
[01/07/2008|00:13] C:\Users\JERDU9~1.PC-\AppData\Local\ATI
[24/08/2008|17:01] C:\Users\JERDU9~1.PC-\AppData\Local\Blizzard Entertainment
[15/10/2008|15:33] C:\Users\JERDU9~1.PC-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[03/08/2008|03:51] C:\Users\JERDU9~1.PC-\AppData\Local\FlatOut Ultimate Carnage
[08/09/2008|11:27] C:\Users\JERDU9~1.PC-\AppData\Local\GDIPFONTCACHEV1.DAT
[27/07/2008|17:31] C:\Users\JERDU9~1.PC-\AppData\Local\Google
[01/07/2008|00:09] C:\Users\JERDU9~1.PC-\AppData\Local\Historique
[15/10/2008|23:47] C:\Users\JERDU9~1.PC-\AppData\Local\IconCache.db
[03/09/2008|19:47] C:\Users\JERDU9~1.PC-\AppData\Local\Microsoft
[06/07/2008|21:27] C:\Users\JERDU9~1.PC-\AppData\Local\Mozilla
[15/07/2008|03:42] C:\Users\JERDU9~1.PC-\AppData\Local\PunkBuster
[23/08/2008|17:52] C:\Users\JERDU9~1.PC-\AppData\Local\SEGA
[06/07/2008|18:08] C:\Users\JERDU9~1.PC-\AppData\Local\Steam
[16/10/2008|10:43] C:\Users\JERDU9~1.PC-\AppData\Local\Temp
[01/07/2008|00:09] C:\Users\JERDU9~1.PC-\AppData\Local\Temporary Internet Files
[27/07/2008|17:29] C:\Users\JERDU9~1.PC-\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[15/10/2008 18:00][--a------] C:\Windows\tasks\Norton Security Scan.job
[16/10/2008 10:33][--ah-----] C:\Windows\tasks\SA.DAT
[15/10/2008 23:47][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[07/09/2008|20:05] C:\ProgramData\Adobe
[30/06/2008|16:30] C:\ProgramData\Application Data
[30/06/2008|16:30] C:\ProgramData\Bureau
[15/10/2008|23:24] C:\ProgramData\cfgdschlp
[15/10/2008|14:12] C:\ProgramData\cfgutil
[05/02/2007|18:11] C:\ProgramData\CyberLink
[30/06/2008|16:30] C:\ProgramData\Documents
[15/10/2008|23:16] C:\ProgramData\dscinfoadm
[30/06/2008|16:30] C:\ProgramData\Favoris
[07/09/2008|20:10] C:\ProgramData\FLEXnet
[15/10/2008|18:47] C:\ProgramData\fmxgpwlk
[05/02/2007|18:16] C:\ProgramData\Google
[05/02/2007|18:27] C:\ProgramData\Hewlett-Packard
[15/10/2008|23:24] C:\ProgramData\hsjcfqtq
[15/10/2008|18:47] C:\ProgramData\infoutil
[05/02/2007|18:15] C:\ProgramData\InstallShield
[05/02/2007|18:08] C:\ProgramData\Intel
[15/10/2008|14:21] C:\ProgramData\klklyvmn
[15/10/2008|13:45] C:\ProgramData\Malwarebytes
[30/06/2008|16:30] C:\ProgramData\Menu Démarrer
[04/09/2008|20:40] C:\ProgramData\Microsoft
[30/06/2008|16:30] C:\ProgramData\Modèles
[15/07/2008|20:07] C:\ProgramData\PopCap Games
[13/10/2008|21:07] C:\ProgramData\Roxio
[28/07/2008|15:59] C:\ProgramData\Skype
[07/07/2008|00:29] C:\ProgramData\Sonic
[15/10/2008|23:51] C:\ProgramData\Symantec
[15/10/2008|14:27] C:\ProgramData\TEMP
[29/07/2008|02:58] C:\ProgramData\THQ
[12/10/2008|13:24] C:\ProgramData\TrackMania
[09/09/2008|12:52] C:\ProgramData\Trymedia
[02/08/2008|02:29] C:\ProgramData\Ubisoft
[06/07/2008|18:13] C:\ProgramData\WLInstaller
[15/10/2008|23:05] C:\ProgramData\wnqpknyz
[15/10/2008|15:35] C:\ProgramData\zcpwjkpe

--------------------\\ Listing des dossiers dans C:\Program Files

[19/07/2008|12:44] C:\Program Files\7-Zip
[30/06/2008|21:35] C:\Program Files\ABBYY FineReader 8.0 Professional Edition
[07/09/2008|20:05] C:\Program Files\Adobe
[12/07/2008|04:10] C:\Program Files\AGEIA Technologies
[27/09/2008|20:42] C:\Program Files\alaplaya
[29/07/2008|05:22] C:\Program Files\Anno 1701
[01/08/2008|04:00] C:\Program Files\Atari
[05/02/2007|18:05] C:\Program Files\ATI
[05/02/2007|18:05] C:\Program Files\ATI Technologies
[04/09/2008|20:40] C:\Program Files\AutoHotkey
[07/09/2008|20:04] C:\Program Files\Bonjour
[16/09/2008|21:44] C:\Program Files\Common Files
[15/08/2008|18:27] C:\Program Files\CVitae
[10/07/2008|18:33] C:\Program Files\DivX
[03/08/2008|03:19] C:\Program Files\Empire Interactive
[21/07/2008|21:42] C:\Program Files\EPSON
[27/08/2008|22:46] C:\Program Files\ESTsoft
[30/06/2008|16:30] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[27/08/2008|23:22] C:\Program Files\GameTribe
[09/10/2008|13:08] C:\Program Files\Google
[16/09/2008|21:53] C:\Program Files\gPotato.eu
[18/08/2008|13:52] C:\Program Files\Hercules
[05/02/2007|18:15] C:\Program Files\Hewlett-Packard
[05/02/2007|18:11] C:\Program Files\HP
[09/09/2008|12:52] C:\Program Files\Hunting Unlimited 2009
[27/09/2008|20:42] C:\Program Files\InstallShield Installation Information
[05/02/2007|18:08] C:\Program Files\Intel
[16/09/2008|21:42] C:\Program Files\Internet Explorer
[07/07/2008|01:19] C:\Program Files\Java
[28/07/2008|19:17] C:\Program Files\Kalypso
[05/02/2007|18:07] C:\Program Files\MainConcept
[15/10/2008|13:46] C:\Program Files\Malwarebytes' Anti-Malware
[07/07/2008|12:58] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[19/07/2008|12:59] C:\Program Files\Microsoft Games
[16/08/2008|14:52] C:\Program Files\Microsoft Office
[30/06/2008|17:22] C:\Program Files\Microsoft SQL Server Compact Edition
[11/09/2008|03:02] C:\Program Files\Microsoft Works
[16/08/2008|14:45] C:\Program Files\Microsoft.NET
[06/02/2007|02:51] C:\Program Files\Movie Maker
[26/09/2008|21:28] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[30/06/2008|23:29] C:\Program Files\MSXML 4.0
[26/08/2008|00:58] C:\Program Files\NHN USA
[05/02/2007|18:18] C:\Program Files\Norton Internet Security
[15/10/2008|18:00] C:\Program Files\Norton Security Scan
[05/02/2007|18:23] C:\Program Files\PC-Doctor 5 for Windows
[15/10/2008|23:51] C:\Program Files\PCHealthCenter
[15/10/2008|23:51] C:\Program Files\Rapid Antivirus
[16/09/2008|21:43] C:\Program Files\Real
[05/02/2007|18:07] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[05/02/2007|18:10] C:\Program Files\Roxio
[23/08/2008|17:41] C:\Program Files\SEGA
[05/02/2007|18:16] C:\Program Files\Services en ligne
[30/06/2008|23:07] C:\Program Files\Sierra On-Line
[28/07/2008|15:59] C:\Program Files\Skype
[15/10/2008|23:51] C:\Program Files\Smart Antivirus 2009
[16/08/2008|14:32] C:\Program Files\Sonic Foundry
[16/08/2008|14:32] C:\Program Files\Sonic Foundry Setup
[16/10/2008|10:35] C:\Program Files\Steam
[05/02/2007|18:18] C:\Program Files\Symantec
[14/09/2008|21:00] C:\Program Files\Teamspeak2_RC2
[26/07/2008|01:40] C:\Program Files\The Guild 2 - Pirates of the European Seas
[11/07/2008|21:59] C:\Program Files\TmNationsForever
[29/07/2008|02:42] C:\Program Files\Trend Micro
[02/08/2008|02:14] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[24/08/2008|01:00] C:\Program Files\VideoLAN
[25/07/2008|18:21] C:\Program Files\Virtools Web Player 3.5
[07/07/2008|18:41] C:\Program Files\VirtualDJ
[15/07/2008|03:41] C:\Program Files\WarRock
[01/07/2008|01:03] C:\Program Files\Windows Calendar
[06/02/2007|02:51] C:\Program Files\Windows Collaboration
[01/07/2008|01:03] C:\Program Files\Windows Defender
[06/02/2007|02:51] C:\Program Files\Windows Journal
[30/06/2008|23:35] C:\Program Files\Windows Live
[05/07/2008|02:25] C:\Program Files\Windows Mail
[05/07/2008|02:25] C:\Program Files\Windows Media Player
[30/06/2008|16:30] C:\Program Files\Windows NT
[06/02/2007|02:51] C:\Program Files\Windows Photo Gallery
[05/07/2008|02:25] C:\Program Files\Windows Sidebar
[07/07/2008|00:29] C:\Program Files\WinRAR
[02/08/2008|23:44] C:\Program Files\World of Warcraft
[14/09/2008|08:41] C:\Program Files\WOw beta test
[17/08/2008|09:42] C:\Program Files\WowCartographe
[15/10/2008|23:49] C:\Program Files\Xfire
[27/08/2008|22:52] C:\Program Files\Zemi Interactive

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[07/09/2008|20:04] C:\Program Files\Common Files\Adobe
[24/08/2008|14:25] C:\Program Files\Common Files\Blizzard Entertainment
[16/08/2008|14:46] C:\Program Files\Common Files\DESIGNER
[26/08/2008|00:03] C:\Program Files\Common Files\INCA Shared
[05/02/2007|18:15] C:\Program Files\Common Files\InstallShield
[05/02/2007|18:08] C:\Program Files\Common Files\Intel
[07/07/2008|01:18] C:\Program Files\Common Files\Java
[05/02/2007|18:10] C:\Program Files\Common Files\LightScribe
[05/02/2007|18:10] C:\Program Files\Common Files\LS Getting Started
[07/09/2008|19:57] C:\Program Files\Common Files\Macrovision Shared
[18/08/2008|20:32] C:\Program Files\Common Files\microsoft shared
[10/07/2008|18:33] C:\Program Files\Common Files\PX Storage Engine
[16/09/2008|21:44] C:\Program Files\Common Files\Real
[05/02/2007|18:09] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[28/07/2008|15:59] C:\Program Files\Common Files\Skype
[05/02/2007|18:09] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[10/10/2008|23:35] C:\Program Files\Common Files\Steam
[05/02/2007|18:10] C:\Program Files\Common Files\SureThing Shared
[01/07/2008|12:59] C:\Program Files\Common Files\Symantec Shared
[16/08/2008|14:46] C:\Program Files\Common Files\System
[06/07/2008|18:17] C:\Program Files\Common Files\WindowsLiveInstaller
[12/07/2008|04:10] C:\Program Files\Common Files\Wise Installation Wizard
[16/09/2008|21:44] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 88 Processes )

iexplore.exe ~ [PID:3892]
iexplore.exe ~ [PID:5616]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\JERDU9~1.PC-\AppData\Local\Temp\nsiB50F.tmp.bat

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 10:44:43
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 8

--------------------\\ Recherche d'autres infections

C:\Windows\system32\MUtwxyay.ini
C:\Windows\system32\MUtwxyay.ini2
==> VUNDO <==

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]

Trojan ! .. C:\Windows\system32\drivers\tdssserv.sys
Trojan ! .. C:\Windows\system32\tdssl.dll

--------------------\\ ROGUES ..

C:\Users\JERDU9~1.PC-\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Smart Antivirus 2009
C:\PROGRA~1\Smart Antivirus 2009

--------------------\\ Suspect ..

C:\Windows\system32\TDSSl.dll

--------------------\\ Cracks & Keygens ..

C:\Users\JERDU9~1.PC-\Documents\Crack
C:\Users\JERDU9~1.PC-\Documents\Crack\AssassinsCreed_Dx10.exe
C:\Users\JERDU9~1.PC-\Documents\Crack\AssassinsCreed_Dx9.exe
C:\Users\JERDU9~1.PC-\Documents\TrackMania\Tracks\Replays\Autosaves\jerdu95_$w$f00Leftover$000Crack.Replay.gbx
C:\Users\JERDU9~1.PC-\Downloads\crack.rar

[F:2337][D:99]-> C:\Users\JERDU9~1.PC-\AppData\Local\Temp
[F:1330][D:1]-> C:\Users\JERDU9~1.PC-\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2165][D:6]-> C:\Users\JERDU9~1.PC-\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:118][D:16]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 16/10/2008|10:46 - Option : [1]

--------------------\\ Fin du rapport a 10:46:57
[ UAC => 1 ]
0
jerdu95
 
Sorry for the time it took, but my computer didn't want to turn on :(
0

E..T Posts: 6565 Status: Contributor 428
 
Good evening,

Under Vista >> Disable UAC >> http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html
Start, then Control Panel.
Choose the classic view on the left and double-click User Accounts.
Then click on turn off User Account Control.
We will turn it back on at the end of the disinfection.

Next

Download >> Lop S&D.exe << then save it to your Desktop.
Double-clicking the LopSD.exe file is enough to launch the installation.
Accept the licence agreement.
Create the destination directory, accept by clicking yes.
A shortcut will be created on your Desktop.
Double-click on it.
Choose language f for French, then confirm with Enter.
Choose the Search option by entering 1 and confirm with Enter.
Your desktop will disappear, that's normal.
Wait while the scan runs.
At the end of the scan a report will be generated and will open automatically in Notepad.
Copy and paste the contents of that report here.
>>It can also be found at %systemdrive%\LopR.txt

See you soon.
@++
-1
jerdu95 Posts: 12 Status: Member
 
--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : jerdu95 ( Administrator )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 292 Go Free : 50 Go
D:\ (Local Disk) - NTFS - Total : 5 Go Free : 5 Go
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB) - FAT - Total : 124 Mo Free : 0 Go
J:\ (USB)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 16/10/2008|12:32 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\JERDU9~1.PC-\AppData\Local\Temp\nsiB50F.tmp.bat
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[08/09/2008|01:29] C:\Users\JERDU9~1.PC-\AppData\Local\Adobe
[01/07/2008|00:09] C:\Users\JERDU9~1.PC-\AppData\Local\Application Data
[01/07/2008|00:13] C:\Users\JERDU9~1.PC-\AppData\Local\ATI
[24/08/2008|17:01] C:\Users\JERDU9~1.PC-\AppData\Local\Blizzard Entertainment
[15/10/2008|15:33] C:\Users\JERDU9~1.PC-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[03/08/2008|03:51] C:\Users\JERDU9~1.PC-\AppData\Local\FlatOut Ultimate Carnage
[08/09/2008|11:27] C:\Users\JERDU9~1.PC-\AppData\Local\GDIPFONTCACHEV1.DAT
[27/07/2008|17:31] C:\Users\JERDU9~1.PC-\AppData\Local\Google
[01/07/2008|00:09] C:\Users\JERDU9~1.PC-\AppData\Local\Historique
[16/10/2008|11:13] C:\Users\JERDU9~1.PC-\AppData\Local\IconCache.db
[03/09/2008|19:47] C:\Users\JERDU9~1.PC-\AppData\Local\Microsoft
[06/07/2008|21:27] C:\Users\JERDU9~1.PC-\AppData\Local\Mozilla
[15/07/2008|03:42] C:\Users\JERDU9~1.PC-\AppData\Local\PunkBuster
[23/08/2008|17:52] C:\Users\JERDU9~1.PC-\AppData\Local\SEGA
[06/07/2008|18:08] C:\Users\JERDU9~1.PC-\AppData\Local\Steam
[16/10/2008|12:33] C:\Users\JERDU9~1.PC-\AppData\Local\Temp
[01/07/2008|00:09] C:\Users\JERDU9~1.PC-\AppData\Local\Temporary Internet Files
[27/07/2008|17:29] C:\Users\JERDU9~1.PC-\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[15/10/2008 18:00][--a------] C:\Windows\tasks\Norton Security Scan.job
[16/10/2008 11:14][--ah-----] C:\Windows\tasks\SA.DAT
[16/10/2008 11:13][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[07/09/2008|20:05] C:\ProgramData\Adobe
[30/06/2008|16:30] C:\ProgramData\Application Data
[30/06/2008|16:30] C:\ProgramData\Bureau
[15/10/2008|23:24] C:\ProgramData\cfgdschlp
[15/10/2008|14:12] C:\ProgramData\cfgutil
[05/02/2007|18:11] C:\ProgramData\CyberLink
[30/06/2008|16:30] C:\ProgramData\Documents
[15/10/2008|23:16] C:\ProgramData\dscinfoadm
[30/06/2008|16:30] C:\ProgramData\Favoris
[07/09/2008|20:10] C:\ProgramData\FLEXnet
[15/10/2008|18:47] C:\ProgramData\fmxgpwlk
[05/02/2007|18:16] C:\ProgramData\Google
[05/02/2007|18:27] C:\ProgramData\Hewlett-Packard
[15/10/2008|23:24] C:\ProgramData\hsjcfqtq
[15/10/2008|18:47] C:\ProgramData\infoutil
[05/02/2007|18:15] C:\ProgramData\InstallShield
[05/02/2007|18:08] C:\ProgramData\Intel
[15/10/2008|14:21] C:\ProgramData\klklyvmn
[15/10/2008|13:45] C:\ProgramData\Malwarebytes
[30/06/2008|16:30] C:\ProgramData\Menu Démarrer
[04/09/2008|20:40] C:\ProgramData\Microsoft
[30/06/2008|16:30] C:\ProgramData\Modèles
[15/07/2008|20:07] C:\ProgramData\PopCap Games
[13/10/2008|21:07] C:\ProgramData\Roxio
[28/07/2008|15:59] C:\ProgramData\Skype
[07/07/2008|00:29] C:\ProgramData\Sonic
[16/10/2008|10:48] C:\ProgramData\Symantec
[15/10/2008|14:27] C:\ProgramData\TEMP
[29/07/2008|02:58] C:\ProgramData\THQ
[12/10/2008|13:24] C:\ProgramData\TrackMania
[09/09/2008|12:52] C:\ProgramData\Trymedia
[02/08/2008|02:29] C:\ProgramData\Ubisoft
[06/07/2008|18:13] C:\ProgramData\WLInstaller
[15/10/2008|23:05] C:\ProgramData\wnqpknyz
[15/10/2008|15:35] C:\ProgramData\zcpwjkpe

--------------------\\ Listing des dossiers dans C:\Program Files

[19/07/2008|12:44] C:\Program Files\7-Zip
[30/06/2008|21:35] C:\Program Files\ABBYY FineReader 8.0 Professional Edition
[07/09/2008|20:05] C:\Program Files\Adobe
[12/07/2008|04:10] C:\Program Files\AGEIA Technologies
[27/09/2008|20:42] C:\Program Files\alaplaya
[29/07/2008|05:22] C:\Program Files\Anno 1701
[01/08/2008|04:00] C:\Program Files\Atari
[05/02/2007|18:05] C:\Program Files\ATI
[05/02/2007|18:05] C:\Program Files\ATI Technologies
[04/09/2008|20:40] C:\Program Files\AutoHotkey
[07/09/2008|20:04] C:\Program Files\Bonjour
[16/09/2008|21:44] C:\Program Files\Common Files
[15/08/2008|18:27] C:\Program Files\CVitae
[10/07/2008|18:33] C:\Program Files\DivX
[03/08/2008|03:19] C:\Program Files\Empire Interactive
[21/07/2008|21:42] C:\Program Files\EPSON
[27/08/2008|22:46] C:\Program Files\ESTsoft
[30/06/2008|16:30] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[27/08/2008|23:22] C:\Program Files\GameTribe
[09/10/2008|13:08] C:\Program Files\Google
[16/09/2008|21:53] C:\Program Files\gPotato.eu
[18/08/2008|13:52] C:\Program Files\Hercules
[05/02/2007|18:15] C:\Program Files\Hewlett-Packard
[05/02/2007|18:11] C:\Program Files\HP
[09/09/2008|12:52] C:\Program Files\Hunting Unlimited 2009
[27/09/2008|20:42] C:\Program Files\InstallShield Installation Information
[05/02/2007|18:08] C:\Program Files\Intel
[16/09/2008|21:42] C:\Program Files\Internet Explorer
[07/07/2008|01:19] C:\Program Files\Java
[28/07/2008|19:17] C:\Program Files\Kalypso
[05/02/2007|18:07] C:\Program Files\MainConcept
[15/10/2008|13:46] C:\Program Files\Malwarebytes' Anti-Malware
[07/07/2008|12:58] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[19/07/2008|12:59] C:\Program Files\Microsoft Games
[16/08/2008|14:52] C:\Program Files\Microsoft Office
[30/06/2008|17:22] C:\Program Files\Microsoft SQL Server Compact Edition
[11/09/2008|03:02] C:\Program Files\Microsoft Works
[16/08/2008|14:45] C:\Program Files\Microsoft.NET
[06/02/2007|02:51] C:\Program Files\Movie Maker
[26/09/2008|21:28] C:\Program Files\Mozilla Firefox
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[30/06/2008|23:29] C:\Program Files\MSXML 4.0
[26/08/2008|00:58] C:\Program Files\NHN USA
[05/02/2007|18:18] C:\Program Files\Norton Internet Security
[15/10/2008|18:00] C:\Program Files\Norton Security Scan
[05/02/2007|18:23] C:\Program Files\PC-Doctor 5 for Windows
[16/09/2008|21:43] C:\Program Files\Real
[05/02/2007|18:07] C:\Program Files\Realtek
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[05/02/2007|18:10] C:\Program Files\Roxio
[23/08/2008|17:41] C:\Program Files\SEGA
[05/02/2007|18:16] C:\Program Files\Services en ligne
[30/06/2008|23:07] C:\Program Files\Sierra On-Line
[28/07/2008|15:59] C:\Program Files\Skype
[16/08/2008|14:32] C:\Program Files\Sonic Foundry
[16/08/2008|14:32] C:\Program Files\Sonic Foundry Setup
[16/10/2008|11:15] C:\Program Files\Steam
[05/02/2007|18:18] C:\Program Files\Symantec
[14/09/2008|21:00] C:\Program Files\Teamspeak2_RC2
[26/07/2008|01:40] C:\Program Files\The Guild 2 - Pirates of the European Seas
[11/07/2008|21:59] C:\Program Files\TmNationsForever
[29/07/2008|02:42] C:\Program Files\Trend Micro
[02/08/2008|02:14] C:\Program Files\Ubisoft
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[24/08/2008|01:00] C:\Program Files\VideoLAN
[25/07/2008|18:21] C:\Program Files\Virtools Web Player 3.5
[07/07/2008|18:41] C:\Program Files\VirtualDJ
[15/07/2008|03:41] C:\Program Files\WarRock
[01/07/2008|01:03] C:\Program Files\Windows Calendar
[06/02/2007|02:51] C:\Program Files\Windows Collaboration
[01/07/2008|01:03] C:\Program Files\Windows Defender
[06/02/2007|02:51] C:\Program Files\Windows Journal
[30/06/2008|23:35] C:\Program Files\Windows Live
[05/07/2008|02:25] C:\Program Files\Windows Mail
[05/07/2008|02:25] C:\Program Files\Windows Media Player
[30/06/2008|16:30] C:\Program Files\Windows NT
[06/02/2007|02:51] C:\Program Files\Windows Photo Gallery
[05/07/2008|02:25] C:\Program Files\Windows Sidebar
[07/07/2008|00:29] C:\Program Files\WinRAR
[02/08/2008|23:44] C:\Program Files\World of Warcraft
[14/09/2008|08:41] C:\Program Files\WOw beta test
[17/08/2008|09:42] C:\Program Files\WowCartographe
[15/10/2008|23:49] C:\Program Files\Xfire
[27/08/2008|22:52] C:\Program Files\Zemi Interactive

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[07/09/2008|20:04] C:\Program Files\Common Files\Adobe
[24/08/2008|14:25] C:\Program Files\Common Files\Blizzard Entertainment
[16/08/2008|14:46] C:\Program Files\Common Files\DESIGNER
[26/08/2008|00:03] C:\Program Files\Common Files\INCA Shared
[05/02/2007|18:15] C:\Program Files\Common Files\InstallShield
[05/02/2007|18:08] C:\Program Files\Common Files\Intel
[07/07/2008|01:18] C:\Program Files\Common Files\Java
[05/02/2007|18:10] C:\Program Files\Common Files\LightScribe
[05/02/2007|18:10] C:\Program Files\Common Files\LS Getting Started
[07/09/2008|19:57] C:\Program Files\Common Files\Macrovision Shared
[18/08/2008|20:32] C:\Program Files\Common Files\microsoft shared
[10/07/2008|18:33] C:\Program Files\Common Files\PX Storage Engine
[16/09/2008|21:44] C:\Program Files\Common Files\Real
[05/02/2007|18:09] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[28/07/2008|15:59] C:\Program Files\Common Files\Skype
[05/02/2007|18:09] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[10/10/2008|23:35] C:\Program Files\Common Files\Steam
[05/02/2007|18:10] C:\Program Files\Common Files\SureThing Shared
[01/07/2008|12:59] C:\Program Files\Common Files\Symantec Shared
[16/08/2008|14:46] C:\Program Files\Common Files\System
[06/07/2008|18:17] C:\Program Files\Common Files\WindowsLiveInstaller
[12/07/2008|04:10] C:\Program Files\Common Files\Wise Installation Wizard
[16/09/2008|21:44] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 69 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\JERDU9~1.PC-\AppData\Roaming\MICROS~1\Windows\Cookies\jerdu95@advertising[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 12:33:23
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 8

--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]

--------------------\\ Cracks & Keygens ..

C:\Users\JERDU9~1.PC-\Documents\Crack
C:\Users\JERDU9~1.PC-\Documents\Crack\AssassinsCreed_Dx10.exe
C:\Users\JERDU9~1.PC-\Documents\Crack\AssassinsCreed_Dx9.exe
C:\Users\JERDU9~1.PC-\Documents\TrackMania\Tracks\Replays\Autosaves\jerdu95_$w$f00Leftover$000Crack.Replay.gbx
C:\Users\JERDU9~1.PC-\Downloads\crack.rar

[F:2339][D:101]-> C:\Users\JERDU9~1.PC-\AppData\Local\Temp
[F:1335][D:1]-> C:\Users\JERDU9~1.PC-\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2368][D:6]-> C:\Users\JERDU9~1.PC-\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:12][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 16/10/2008|10:46 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 16/10/2008|12:39 - Option : [2]

--------------------\\ Fin du rapport a 12:39:47
[ UAC => 1 ]
-1
jerdu95 Posts 12 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:13, on 16/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: QXK Olive - {4522268D-C6BF-40F3-86A4-BB60AD2AE473} - C:\Windows\grfxbanoxvd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QXK Olive - {9D16A7EE-E00A-4BFA-A976-308772A47699} - C:\Windows\grfxbanogtl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {B6B432BF-66DB-42F6-BA6D-9124C68962B5} - C:\Windows\system32\yayxwtUM.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {20D5F8AF-9FC4-494A-BF76-297EC26B4F06} - (no file)
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /F "C:\Windows\TEMP\E_S41AC.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\jkkLBsqQ.dll,#1
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Player] C:\Users\jerdu95.PC-de-fee\AppData\Roaming\Adobe\Player.exe
O4 - HKCU\..\Run: [brastk] C:\Windows\system32\brastk.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1673101749-1368019852-4205720571-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1215386422720&h=1f9ac5385cd7621f5bb819efaccb0228/&filename=jinstall-6u6-windows-i586-jc.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: infyhb.dll
O21 - SSODL: ngwstxfd - {FABFE3FA-EC19-4D15-91D3-9CFFB4AEB395} - C:\Windows\ngwstxfd.dll
O21 - SSODL: qrbgltos - {8938FAF6-04BF-4215-A135-17BC615880F1} - C:\Windows\qrbgltos.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
-1
jerdu95 Posts 12 Status Member
 
It looks like I don't have any more problems; can you reassure me?

Thanks for your help in any case :)
-1
E..T Posts 6565 Status Contributor 428
 
Good evening,
There are still quite a few odd things left, but it's progressing ;)

If you re-enabled UAC, disable it.

Download Navilog1 from this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Choose Save (link) target as... and save it to your desktop.
Then double-click navilog1.exe to start the installation.

Once the installation is finished, the fix will run automatically.
(If it doesn't, double-click the Navilog1 shortcut on the desktop.)

In the main menu, choose option 1.
Follow the prompts and be patient.
Wait for the message:
*** Analyse Termine le ..... *** >>>>> The fix can take about ten minutes ;)
Press a key and Notepad will open.
Copy and paste the report here.

@++
-1
jerdu95 Posts 12 Status Member
 
Search Navipromo version 3.6.6 commencé le 17/10/2008 à 17:04:36,06

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "jerdu95"

Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16757
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\Windows" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***

*** Recherche dossiers dans "C:\ProgramData" ***

*** Recherche dossiers dans "c:\users\jerdu9~1.pc-\appdata\roaming\micros~1\windows\startm~1\programs" ***

*** Recherche dossiers dans "C:\Users\jerdu95.PC-de-fee\AppData\Local\virtualstore\Program Files" ***

*** Recherche dossiers dans "C:\Users\jerdu95.PC-de-fee\AppData\Roaming" ***

*** Recherche dossiers dans "C:\Users\IUSR_N~1\appdata\roaming" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\jerdu95.PC-de-fee\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\jerdu95.PC-de-fee\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\jerdu95.PC-de-fee\AppData\Local" *

* Recherche dans "C:\Users\IUSR_N~1\AppData\Local" *

* Recherche dans "C:\Users\JERDU9~1\AppData\Local" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\Windows\system32" :

* Dans "C:\Users\jerdu95.PC-de-fee\AppData\Local\Microsoft" :

* Dans "C:\Users\jerdu95.PC-de-fee\AppData\Local\virtualstore\windows\system32" :

* Dans "C:\Users\jerdu95.PC-de-fee\AppData\Local" :

* Dans "C:\Users\IUSR_N~1\AppData\Local" :

* Dans "C:\Users\JERDU9~1\AppData\Local" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

*** Analyse terminée le 17/10/2008 à 19:14:42,22 ***
-1
totobetourne Posts 5677 Status Member 65
 
Yes indeed, cracks are full of the Bagle worm.

Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Services\tdssserv]
Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]

--------------------\\ Cracks & Keygens ..

C:\Users\JERDU9~1.PC-\Documents\Crack
C:\Users\JERDU9~1.PC-\Documents\Crack\AssassinsCreed_Dx10.exe
C:\Users\JERDU9~1.PC-\Documents\Crack\AssassinsCreed_Dx9.exe
C:\Users\JERDU9~1.PC-\Documents\TrackMania\Tracks\Replays\Autosaves\jerdu95_$w$f00Leftover$000Crack.Replay.gbx
C:\Users\JERDU9~1.PC-\Downloads\crack.rar

You need this tool, which is very good on this BAGLE problem.

Download FindyKill by Chiquitine29

Right-click the link and choose "save target as...", destination: the desktop.

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.rar

--> Unzip it (= extract) onto your desktop.

Important note: if you have the Elibagla program on your PC, delete it (risk of conflict between the two tools).

--> Open the "FindyKill" folder

Double-click "FindyKill.bat" (and nothing else!) to launch the tool.

-> choose option 2. Then let it work...

Once finished, post the FindyKill.txt report that is generated...

(Note: the report is saved at the root of the drive -> C:\FindyKill.txt)
-1
totobetourne Posts 5677 Status Member 65
 
Apparently there's a problem with that link, no connection for now.

We'll use another tool. Run it successively in normal mode and in safe mode.

1st Method: ELIBAGLA

Renaming ELIBAGLA

* Here is, as a preview, a trick that can make Elibagla more effective against Bagle variants!
* Just rename it using the same name as one of the files that is part of the infection, here mdelk.exe, and the rootkit will be unable to tell it apart from the infection file that bears the same name, which therefore gives it a much wider scope of action.
* Elibagla renamed this way will be able to neutralise the infection completely in a single pass. A reboot of the PC and a second scan are then enough to remove the remains of the infection.
* Note that this trick only works if the Elibagla exe is correctly renamed to mdelk.exe!

* Download ELIBAGLA (by SATINFO) at the bottom of this page: http://www.zonavirus.com/datos/descargas/95/elibagla.asp
* Click the Descargar Elibagla button to download the file, and place it on your desktop.
* Double-click it to open it
* Make sure that in the Unidad drop-down menu you have C:\ (or the partition containing the operating system)
* Also check that the option at the bottom of the window, Eliminar Ficheros Automaticamente, is ticked
* Click the Explorar button to start the scan; at the end of the scan a report named infosat.txt is generated, and it is also saved at the root: C:\infosat.txt

Example of a report containing infected files:

Thu Feb 28 21:49:09 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Feb 28 21:49:48 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\ATI Technologies\ATI Control Panel\ATIPTAXX.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
C:\WINDOWS\system32\WINTEMS.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 7505
Nº Total de Ficheros: 82386
Nº de Ficheros Analizados: 12450
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 3

* Reading the report:
o the mention Eliminado Bagle means that the worm component was successfully removed
o the mention Bagle Acceso Denegado means that access to this file is denied, so it was not removed
o the mention Acceso Denegado, Bagle (Reiniciar para completar la Limpieza) means you have to run the tool again to finish it off!
o Elibagla is able to repair the safeboot key deleted by Bagle; if that is the case, the following mention appears in the report: Restaurada Clave: "SafeBoot\Minimal y Network"

Note: it is very important to run Elibagla several times in normal mode, and in safe mode if possible, to try to remove as many infected files as possible!

In our example, Elibagla did not get rid of the infection on the first try; we will see next how other tools can complete the removal of the Bagle worm.
-1
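Reading an infosat.txt report by hand across several passes is error-prone, so here is an added example (not Elibagla's, Satinfo's or the thread's own code) that parses the report quoted in the post above and applies its reading rules: Eliminado means removed, Acceso Denegado means not removed, Reiniciar para completar means another pass is needed. The sample text is reconstructed from the quoted report; all class, function and regex names are my own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the two Elibagla passes quoted in the post above.
SAMPLE_REPORT = r"""Thu Feb 28 21:49:09 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Thu Feb 28 21:49:48 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Program Files\ATI Technologies\ATI Control Panel\ATIPTAXX.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\MDELK.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)
C:\WINDOWS\system32\WINTEMS.EXE --> Acceso Denegado, Bagle (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 7505
Nº Total de Ficheros: 82386
Nº de Ficheros Analizados: 12450
Nº de Ficheros Infectados: 3
Nº de Ficheros Limpiados: 3
"""

ACTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<verdict>.+?)\.?$")
COUNTER_RE = re.compile(r"^Nº (?:Total )?de (?P<name>.+?): (?P<value>\d+)$")
PASS_RE = re.compile(r"^Lista de Acciones \(por (?P<mode>.+?)\):$")


@dataclass
class Action:
    mode: str      # pass that produced the line: "Acción Directa" or "Exploración"
    path: str      # file Elibagla acted on
    verdict: str   # raw text after "-->", trailing period stripped
    status: str    # REMOVED, ACCESS_DENIED, PENDING_REBOOT or UNKNOWN


def classify(verdict: str) -> str:
    """Map the Spanish verdict text to a status, following the post's reading guide."""
    v = verdict.lower()
    if v.startswith("eliminado"):
        return "REMOVED"            # component deleted
    if "reiniciar para completar" in v:
        return "PENDING_REBOOT"     # run the tool again after a reboot
    if "acceso denegado" in v:
        return "ACCESS_DENIED"      # file could not be removed
    return "UNKNOWN"


def parse_report(text: str):
    """Return (actions, counters, safeboot_restored) for one or more concatenated passes."""
    actions, counters, safeboot_restored, mode = [], {}, False, "?"
    for raw in text.splitlines():
        line = raw.strip()
        if m := PASS_RE.match(line):
            mode = m.group("mode")
        elif m := ACTION_RE.match(line):
            verdict = m.group("verdict")
            actions.append(Action(mode, m.group("path"), verdict, classify(verdict)))
        elif m := COUNTER_RE.match(line):
            counters[m.group("name")] = int(m.group("value"))
        elif line.startswith("Restaurada Clave:"):
            safeboot_restored = True    # SafeBoot key repaired by the tool
    return actions, counters, safeboot_restored


def unresolved_paths(actions) -> list:
    """Files whose last recorded action was not a removal (paths compared case-insensitively)."""
    last = {}
    for a in actions:
        last[a.path.lower()] = a
    return [a.path for a in last.values() if a.status != "REMOVED"]


def summarize(text: str) -> dict:
    """Apply the post's rule: any denied or pending-reboot entry means another pass is needed."""
    actions, counters, safeboot_restored = parse_report(text)
    return {"by_status": dict(Counter(a.status for a in actions)), "counters": counters,
            "safeboot_restored": safeboot_restored, "unresolved": unresolved_paths(actions),
            "needs_rerun": any(a.status != "REMOVED" for a in actions)}
```

On the quoted report, summarize() reports two removals, three access-denied and two pending-reboot entries, four files still present, and needs_rerun set, which matches the post's conclusion that Elibagla did not finish on the first try.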