J'ai un virus WIN32.WORM.KOOBFACE

Phil_tha_beat -  
dodge13680 Messages postés 1295 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,
j'ai été infecté par le virus (win32.worm.koobface) et j'ai effectué un scan avec Hijackthis et voici le résultat:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:05:36, on 2008-10-29

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\E_S00RP1.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\sylvain pinard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/en-ca

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\SYLVAI~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail

O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [sysftray] C:\windows\fbtre6.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\sylvain pinard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm025YYCA

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/

O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://virtualstudio.live.2020.net/KBBPromoVirtualPlanner/Core/Player/2020PlayerAX_Win32.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/ZwinkyInitialSetup1.0.1.0.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab

O16 - DPF: {2D72C39D-53F6-4AEA-A9DB-1298429DA974} (3DVista Viewer Control) - http://www.3dvista.com/downloads/viewer3dv.cab

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://pix.futureshop.ca/fr/ulcontrolxp.cab

O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)

O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

O24 - Desktop Component 0: (no name) - file:///D:/Software/Customization/Resource%20Free/Fonds%20d'%E9cran/Sexy/1024x768/23.jpg

--

End of file - 10203 bytes
Configuration: Windows XP
Internet Explorer 6.0

3 réponses

  1. Utilisateur anonyme
     
    Bonsoir,
    Il faudrait s'occuper de ça :

    --------------------\\ Recherche d'autres infections
    
    --------------------\\ KoobFace !
    
    C:\WINDOWS\fbtre6.exe
    C:\WINDOWS\fmark2.dat
    C:\WINDOWS\fbtre6.exe
    C:\WINDOWS\fmark2.dat
    C:\WINDOWS\fbtre6.exe
    C:\WINDOWS\fmark2.dat
    C:\WINDOWS\fbtre6.exe
    C:\WINDOWS\fmark2.dat
    
    --------------------\\ Cracks & Keygens ..
    
    C:\DOCUME~1\SYLVAI~1\Application Data\BitTorrent\2020.kitchen.design.6.1.crack.torrent
    C:\DOCUME~1\SYLVAI~1\Application Data\BitTorrent\2020.kitchen.design.6.1.crack.zip.torrent
    C:\DOCUME~1\SYLVAI~1\Bureau\sauvegarde\Ma musique\rap-old scool\Kanye West\08 Crack Music.wma 


    ++

    EDIT : D'autant + que c'est le titre du topic ( Koobface ) ;)
    6
    1. archet9
       
      MERCI C-XX

      Fais un scan avec cet antispyware :

      Telecharge malwarebytes + tutoriel :

      -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

      Tu l´instale; le programme va se mettre automatiquement a jour.

      Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

      Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

      Puis click sur "rechercher".

      Laisse le scanner le pc...

      Si des elements on ete trouvés > click sur supprimer la selection.

      si il t´es demandé de redemarrer > click sur "yes".

      A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

      Copie et colle le rapport stp.

      A+
      0
    2. phil_tha_beat > archet9
       
      Re-bonjour,

      J'admire votre détermination!
      Alors voici le rapport apres suppression de l'anti-malware:

      Malwarebytes' Anti-Malware 1.30
      Version de la base de données: 1370
      Windows 5.1.2600 Service Pack 3

      2008-11-06 11:02:30
      mbam-log-2008-11-06 (11-02-30).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 105013
      Temps écoulé: 1 hour(s), 0 minute(s), 33 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 14
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 20

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{36c38422-602d-48a3-8110-4174cbdda12c} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\WINDOWS\SYSTEM32\960932 (Trojan.BHO) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\WINDOWS\SYSTEM32\960932\960932.dll (Trojan.BHO) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102508.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102510.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102512.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102515.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102517.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102518.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102520.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102523.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102524.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102525.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102530.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102531.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102545.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102547.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102590.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP1414\A0102591.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\ToolBar SD\Backup-TB\Program Files\MSN Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\ToolBar SD\Backup-TB\WINDOWS\SYSTEM32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
      0
    3. archet9 > phil_tha_beat
       
      reprend MBAM
      supprime tout ce qui est en quarentaine.....
      recolle 1scan hijack stp....
      a+
      0
    4. phil_tha_beat > archet9
       
      alors voici le résultat du dernier scan de hijackthis apres la suppression de la quarantaine de mal-ware:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 09:08:01, on 2008-11-07
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\E_S00RP1.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\WINDOWS\system32\fxssvc.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
      C:\WINDOWS\VM_STI.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Documents and Settings\sylvain pinard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
      C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
      C:\Documents and Settings\sylvain pinard\Bureau\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/en-ca
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
      O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
      O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
      O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\SYLVAI~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
      O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
      O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
      O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
      O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
      O4 - HKLM\..\Run: [sysftray] C:\windows\fbtre6.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\sylvain pinard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
      O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - http://virtualstudio.live.2020.net/KBBPromoVirtualPlanner/Core/Player/2020PlayerAX_Win32.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {2D72C39D-53F6-4AEA-A9DB-1298429DA974} (3DVista Viewer Control) - http://www.3dvista.com/downloads/viewer3dv.cab
      O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
      O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - http://pix.futureshop.ca/fr/ulcontrolxp.cab
      O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
      O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
      O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      O24 - Desktop Component 0: (no name) - file:///D:/Software/Customization/Resource%20Free/Fonds%20d'%E9cran/Sexy/1024x768/23.jpg
      0
    5. archet9 > phil_tha_beat
       
      WIN32.WORM.KOOBFACE n est plus la.....
      mais je te conseille de virer tes cracks si tu
      ne veux pas le voir revenir....


      a+
      0
  2. dodge13680 Messages postés 1295 Date d'inscription   Statut Membre Dernière intervention   128
     
    le virus koobface ne vient pas des cracks mais de facebook et se propage trés rapidement a tous les contacts de la personne ayant était infecté

    plus d'info https://fr.wikipedia.org/wiki/Koobface
    1
  3. archet9
     
    bonsoir

    merci d avoir créer ton post...
    Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

    - Enregistre-le sur le bureau

    - Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée

    - Un rapport sera généré, poste-le dans ta prochaine réponse.

    [*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]

    ** Ne fais l'étape 2 que si on te le demande......

    a+

    0
    1. phil_tha_beat
       
      merci archet9,

      alors voici le rapport de smartfraudfix:

      SmitFraudFix v2.371

      Rapport fait à 9:04:12,54, 2008-11-03
      Executé à partir de C:\Documents and Settings\sylvain pinard\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\E_S00RP1.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\system32\SearchIndexer.exe
      C:\WINDOWS\system32\fxssvc.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
      C:\WINDOWS\VM_STI.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
      C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
      C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
      C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Documents and Settings\sylvain pinard\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
      C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
      C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
      C:\WINDOWS\system32\SearchProtocolHost.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\sylvain pinard


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SYLVAI~1\LOCALS~1\Temp


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\sylvain pinard\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SYLVAI~1\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="file:///D:/Software/Customization/Resource%20Free/Fonds%20d'%E9cran/Sexy/1024x768/23.jpg"
      "SubscribedURL"="file:///D:/Software/Customization/Resource%20Free/Fonds%20d'%E9cran/Sexy/1024x768/23.jpg"
      "SubscribedURL"="file:///D:/Software/Customization/Resource%20Free/Fonds%20d'%E9cran/Sexy/1024x768/23.jpg"
      "FriendlyName"=""

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"

      »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      o4Patch
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      AntiXPVSTFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» RK



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.2.1
      DNS Server Search Order: 192.168.2.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{0B78422A-AE5D-472A-BCCC-B9631BEC33E3}: DhcpNameServer=192.168.2.1 192.168.2.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{0B78422A-AE5D-472A-BCCC-B9631BEC33E3}: DhcpNameServer=192.168.2.1 192.168.2.1
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{0B78422A-AE5D-472A-BCCC-B9631BEC33E3}: DhcpNameServer=192.168.2.1 192.168.2.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1
      HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1 192.168.2.1


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
    2. archet9 > phil_tha_beat
       
      ok
      ceci maintenant

      Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
      https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

      * Lance l'installation du programme en exécutant le fichier téléchargé.
      * Double-clique maintenant sur le raccourci de Toolbar-S&D.
      * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
      * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
      * Poste le rapport généré. (C:\TB.txt)
      a+
      0
    3. phil_tha_beat > archet9
       
      Merci de m'aider!

      J'ai fais l'analyse voici le rapport toolbar:

      -----------\\ ToolBar S&D 1.2.4 XP/Vista

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
      BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
      USER : sylvain pinard ( Administrator )
      BOOT : Normal boot
      Antivirus : Trend Micro PC-cillin Internet Security 12 12.0.1364 (Activated)
      Firewall : Trend Micro PC-cillin Internet Security 12 12 (Activated)
      C:\ (Local Disk) - NTFS - Total:34 Go (Free:5 Go)
      D:\ (CD or DVD)
      E:\ (CD or DVD)
      F:\ (USB)

      "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
      Option : [1] ( 2008-11-04| 9:22 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      [Service] MyWebSearchService
      C:\DOCUME~1\SYLVAI~1\APPLIC~1\FunWebProducts
      C:\DOCUME~1\SYLVAI~1\APPLIC~1\FunWebProducts\Data
      C:\Program Files\FunWebProducts
      C:\Program Files\FunWebProducts\ScreenSaver
      C:\Program Files\FunWebProducts\Shared
      C:\Program Files\MyWebSearch
      C:\Program Files\MyWebSearch\bar
      C:\Program Files\MyWebSearch\SrchAstt
      C:\DOCUME~1\SYLVAI~1\Cookies\sylvain_pinard@mywebsearch[2].txt
      C:\WINDOWS\System32\f3PSSavr.scr
      C:\Program Files\Internet Explorer\msimg32.dll
      C:\Program Files\MSN Messenger\riched20.dll

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="https://www.google.ca/?gws_rd=ssl"
      "Default_Page_URL"="https://www.dell.com/en-ca"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
      "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="https://www.google.ca/?gws_rd=ssl"


      --------------------\\ Recherche d'autres infections

      --------------------\\ KoobFace !

      C:\WINDOWS\fbtre6.exe
      C:\WINDOWS\fmark2.dat

      --------------------\\ Cracks & Keygens ..

      C:\DOCUME~1\SYLVAI~1\Application Data\BitTorrent\2020.kitchen.design.6.1.crack.torrent
      C:\DOCUME~1\SYLVAI~1\Application Data\BitTorrent\2020.kitchen.design.6.1.crack.zip.torrent
      C:\DOCUME~1\SYLVAI~1\Bureau\sauvegarde\Ma musique\rap-old scool\Kanye West\08 Crack Music.wma



      1 - "C:\ToolBar SD\TB_1.txt" - 2008-11-04| 9:24 - Option : [1]

      -----------\\ Fin du rapport a 9:24:30,95
      0
    4. archet9 > phil_tha_beat
       
      ok

      fait gaffe avec les cracks et keygens....
      le top pour chopper des saloperies...

      reprends ToolBar S&D 1.2.4 XP/Vista
      lance l option 2
      er poste le rapport stp...

      a+
      0
    5. phil_tha_beat > archet9
       
      alors voici le résultat de l'option 2:


      -----------\\ ToolBar S&D 1.2.4 XP/Vista

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
      BIOS : Phoenix ROM BIOS PLUS Version 1.10 A02
      USER : sylvain pinard ( Administrator )
      BOOT : Normal boot
      Antivirus : Trend Micro PC-cillin Internet Security 12 12.0.1364 (Activated)
      Firewall : Trend Micro PC-cillin Internet Security 12 12 (Activated)
      C:\ (Local Disk) - NTFS - Total:34 Go (Free:5 Go)
      D:\ (CD or DVD)
      E:\ (CD or DVD)
      F:\ (USB)

      "C:\ToolBar SD" ( MAJ : 27-10-2008|09:25 )
      Option : [2] ( 2008-11-04|13:21 )

      -----------\\ SUPPRESSION

      Supprime! - [Service] MyWebSearchService
      Supprime! - C:\DOCUME~1\SYLVAI~1\APPLIC~1\FunWebProducts\Data
      Supprime! - C:\Program Files\FunWebProducts\ScreenSaver
      Supprime! - C:\Program Files\FunWebProducts\Shared
      Echec ! - C:\Program Files\MyWebSearch\bar
      Supprime! - C:\Program Files\MyWebSearch\SrchAstt
      Supprime! - C:\DOCUME~1\SYLVAI~1\Cookies\sylvain_pinard@mywebsearch[1].txt
      Supprime! - C:\WINDOWS\System32\f3PSSavr.scr
      Echec ! - C:\Program Files\MyWebSearch\bar
      Supprime! - C:\Program Files\MSN Messenger\riched20.dll
      Supprime! - C:\DOCUME~1\SYLVAI~1\APPLIC~1\FunWebProducts
      Supprime! - C:\Program Files\FunWebProducts
      Echec ! - C:\Program Files\MyWebSearch

      -----------\\ DEUXIEME PASSAGE

      Echec ! - C:\Program Files\MyWebSearch\bar
      Echec ! - C:\Program Files\MyWebSearch

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\Program Files\MyWebSearch
      C:\Program Files\MyWebSearch\bar

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="https://www.google.ca/?gws_rd=ssl"
      "Default_Page_URL"="https://www.dell.com/en-ca"
      "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
      "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="https://www.msn.com/fr-fr/"


      --------------------\\ Recherche d'autres infections

      --------------------\\ KoobFace !

      C:\WINDOWS\fbtre6.exe
      C:\WINDOWS\fmark2.dat
      C:\WINDOWS\fbtre6.exe
      C:\WINDOWS\fmark2.dat
      C:\WINDOWS\fbtre6.exe
      C:\WINDOWS\fmark2.dat

      --------------------\\ Cracks & Keygens ..

      C:\DOCUME~1\SYLVAI~1\Application Data\BitTorrent\2020.kitchen.design.6.1.crack.torrent
      C:\DOCUME~1\SYLVAI~1\Application Data\BitTorrent\2020.kitchen.design.6.1.crack.zip.torrent
      C:\DOCUME~1\SYLVAI~1\Bureau\sauvegarde\Ma musique\rap-old scool\Kanye West\08 Crack Music.wma



      1 - "C:\ToolBar SD\TB_1.txt" - 2008-11-04| 9:24 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - 2008-11-04|13:16 - Option : [1]
      3 - "C:\ToolBar SD\TB_3.txt" - 2008-11-04|13:22 - Option : [2]

      -----------\\ Fin du rapport a 13:22:32,96
      0