Problem with a virus: JS:FakeAV-A [Trj]
Solved
artanis2880 - Posts: 35 - Status: Member
g!rly - Posts: 18462 - Status: Contributor
Hello, I have a problem with a virus, JS:FakeAV-A [Trj]; that is what avast reports. I am unable to remove it: avast detects it but does not give me the option to delete it. Ads constantly appear when I am on the internet... can you help me?
Thanks in advance
53 replies
========== FILES ==========
c:\program files\HiYo\Bin moved successfully.
c:\program files\HiYo moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\726876375 moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\636154167 moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\winks\thumbs moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\winks moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\texts\thumbs moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\texts moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\sounds moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\graphics moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\FlashMenu moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\emoticons\thumbac moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\emoticons moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\displaypics moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\audibles\thumbs moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo\Data\audibles moved successfully.
Folder move failed. c:\documents and settings\Propriétaire\Application Data\HiYo\Data scheduled to be moved on reboot.
Folder move failed. c:\documents and settings\Propriétaire\Application Data\HiYo scheduled to be moved on reboot.
c:\documents and settings\All Users\Application Data\HiYo\AutoUpdatHtml moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\winks\thumbs moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\winks moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\texts\thumbs moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\texts moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\sounds moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\graphics moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\FlashMenu moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\emoticons\thumbac moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\emoticons moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\displaypics moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\audibles\thumbs moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data\audibles moved successfully.
c:\documents and settings\All Users\Application Data\HiYo\Data moved successfully.
c:\documents and settings\All Users\Application Data\HiYo moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11272008_104502
Files moved on Reboot...
c:\documents and settings\Propriétaire\Application Data\HiYo\Data moved successfully.
c:\documents and settings\Propriétaire\Application Data\HiYo moved successfully.
2nd report
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1290 [VPS 081127-1] 4.8.1290 (Activated)
A:\ (USB)
C:\ (Local Disk) - FAT32 - Total:49 Go (Free:34 Go)
D:\ (Local Disk) - FAT32 - Total:25 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 2008-11-27|10:48 )
--------------------\\ Listing des dossiers dans APPLIC~1
[2004-11-17|10:47] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[2004-11-17|10:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[2008-09-23|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[2008-10-12|21:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Astar Games
[2008-09-23|13:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
[2008-09-23|14:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
[2008-09-23|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EnterNHelp
[2008-11-24|21:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EscapeTheMuseum
[2008-11-07|19:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fugazo
[2008-10-05|16:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[2008-09-23|12:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[2008-10-12|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[2004-11-17|10:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[2008-11-24|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\n7-89-o9-3r-4t-r9
[2008-09-23|12:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NeoEdge Networks
[2008-09-23|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nikon
[2008-10-27|13:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[2008-09-23|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
[2008-09-23|13:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[2008-10-03|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
[2008-09-23|12:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[2008-09-23|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\StatusSheet
[2008-09-23|13:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[2008-09-23|12:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[2008-09-23|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ultima_T15
[2008-10-04|22:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[2008-10-16|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
[2008-10-04|19:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[2008-09-23|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[2008-10-12|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[2004-11-17|10:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[2004-11-17|10:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[2008-09-23|12:16] C:\DOCUME~1\LOCALS~1\APPLIC~1\Roxio
[2008-09-23|13:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[2008-11-11|21:25] C:\DOCUME~1\PROPRI~1\APPLIC~1\DeepBurner
[2008-11-24|21:45] C:\DOCUME~1\PROPRI~1\APPLIC~1\GameHouse
[2008-10-05|16:26] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[2004-11-17|10:47] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[2008-09-23|11:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterTrust
[2008-10-08|13:08] C:\DOCUME~1\PROPRI~1\APPLIC~1\InterVideo
[2008-10-05|16:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\LimeWire
[2008-09-23|13:00] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[2004-11-17|10:28] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[2008-11-10|13:24] C:\DOCUME~1\PROPRI~1\APPLIC~1\mIRC
[2008-11-16|11:41] C:\DOCUME~1\PROPRI~1\APPLIC~1\MysteryStudio
[2008-09-23|15:43] C:\DOCUME~1\PROPRI~1\APPLIC~1\Nikon
[2008-10-27|13:05] C:\DOCUME~1\PROPRI~1\APPLIC~1\PlayFirst
[2008-09-23|11:49] C:\DOCUME~1\PROPRI~1\APPLIC~1\Real
[2008-09-23|12:16] C:\DOCUME~1\PROPRI~1\APPLIC~1\Roxio
[2008-11-06|11:11] C:\DOCUME~1\PROPRI~1\APPLIC~1\SulusGames
[2008-10-05|16:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[2008-09-27|17:18] C:\DOCUME~1\PROPRI~1\APPLIC~1\U3
[2008-09-23|13:04] C:\DOCUME~1\PROPRI~1\APPLIC~1\uTorrent
[2008-10-04|22:49] C:\DOCUME~1\PROPRI~1\APPLIC~1\Viewpoint
[2008-09-23|14:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\Vso
[2008-09-23|12:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\Winamp
[2008-10-15|22:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\Zylom
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[2008-11-27 10:46][--ah-----] C:\WINDOWS\tasks\SA.DAT
[2003-04-24 07:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[2008-09-23|11:51] C:\Program Files\Adobe
[2008-09-23|11:21] C:\Program Files\Alwil Software
[2008-09-23|11:24] C:\Program Files\ArcSoft
[2008-11-11|21:25] C:\Program Files\Astonsoft
[2008-09-23|13:09] C:\Program Files\bfgclient
[2008-10-12|21:19] C:\Program Files\Big City Adventures-Sydney Australia
[2004-11-17|10:36] C:\Program Files\ComPlus Applications
[2008-11-07|19:46] C:\Program Files\Cooking Academy
[2008-11-19|09:06] C:\Program Files\Diner Dash Flo Through Time
[2008-09-23|14:17] C:\Program Files\DVDFab 5
[2008-11-11|21:13] C:\Program Files\Easy Avi Divx Xvid to DVD Burner
[2008-09-23|14:18] C:\Program Files\Elaborate Bytes
[2004-11-17|10:29] C:\Program Files\Fichiers communs
[2008-11-24|21:45] C:\Program Files\GameHouse
[2008-10-05|16:19] C:\Program Files\Google
[2008-11-11|21:06] C:\Program Files\honestech Burn DVD 3.2 Trial
[2004-09-17|15:36] C:\Program Files\InstallShield Installation Information
[2004-09-17|15:36] C:\Program Files\Intel
[2004-11-17|10:36] C:\Program Files\Internet Explorer
[2004-09-17|15:51] C:\Program Files\InterVideo
[2008-10-05|16:18] C:\Program Files\Java
[2008-11-06|11:11] C:\Program Files\Jewelleria
[2008-10-12|21:25] C:\Program Files\Laura Jones and the Gates of Good and Evil
[2008-09-03|15:28] C:\Program Files\Les Affaires Perdues de Sherlock Holmes
[2008-11-11|19:38] C:\Program Files\LimeWire
[2008-11-24|21:40] C:\Program Files\Little Shop 3
[2005-06-07|17:20] C:\Program Files\Marvell
[2004-11-17|10:35] C:\Program Files\Messenger
[2008-09-28|12:10] C:\Program Files\MétéoMédia
[2004-11-17|10:39] C:\Program Files\microsoft frontpage
[2008-09-23|11:43] C:\Program Files\Microsoft Office
[2008-09-23|12:50] C:\Program Files\Microsoft SQL Server Compact Edition
[2008-09-23|11:45] C:\Program Files\Microsoft.NET
[2008-11-10|13:24] C:\Program Files\mIRC
[2008-09-23|12:59] C:\Program Files\MostFun
[2004-11-17|10:37] C:\Program Files\Movie Maker
[2008-09-23|11:48] C:\Program Files\MPIO
[2004-11-17|10:35] C:\Program Files\MSN
[2004-11-17|10:35] C:\Program Files\MSN Gaming Zone
[2008-09-24|07:18] C:\Program Files\MSXML 4.0
[2008-11-24|21:44] C:\Program Files\Mystere a Londres
[2008-11-24|21:46] C:\Program Files\Mystery Stories Island of Hope
[2008-11-24|21:47] C:\Program Files\Neptune's Secret
[2004-11-17|10:36] C:\Program Files\NetMeeting
[2008-09-23|11:25] C:\Program Files\Nikon
[2008-10-12|21:20] C:\Program Files\orange
[2004-11-17|10:36] C:\Program Files\Outlook Express
[2008-09-23|11:24] C:\Program Files\QuickTime
[2008-09-23|11:49] C:\Program Files\Real
[2004-09-17|15:39] C:\Program Files\Realtek
[2008-11-24|21:47] C:\Program Files\ReflexiveArcade
[2008-09-23|12:04] C:\Program Files\Roxio
[2004-11-17|10:37] C:\Program Files\Services en ligne
[2008-10-03|23:39] C:\Program Files\SlySoft
[2008-09-23|12:13] C:\Program Files\Sonic
[2008-11-24|21:51] C:\Program Files\SPRILL
[2004-11-17|10:47] C:\Program Files\Uninstall Information
[2008-09-23|13:05] C:\Program Files\uTorrent
[2008-10-04|22:49] C:\Program Files\Viewpoint
[2008-10-27|13:34] C:\Program Files\Wedding Dash
[2008-09-23|12:53] C:\Program Files\Winamp
[2008-09-23|12:48] C:\Program Files\Windows Live
[2008-10-04|19:24] C:\Program Files\Windows Media Connect 2
[2004-11-17|10:35] C:\Program Files\Windows Media Player
[2004-11-17|10:35] C:\Program Files\Windows NT
[2004-11-17|10:37] C:\Program Files\WindowsUpdate
[2004-09-17|15:35] C:\Program Files\WinRAR
[2004-11-17|10:39] C:\Program Files\xerox
[2008-10-12|21:17] C:\Program Files\Zylom Games
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[2008-09-23|11:51] C:\Program Files\Fichiers communs\Adobe
[2008-09-23|11:44] C:\Program Files\Fichiers communs\DESIGNER
[2004-09-17|15:36] C:\Program Files\Fichiers communs\InstallShield
[2008-10-05|16:18] C:\Program Files\Fichiers communs\Java
[2004-11-17|10:29] C:\Program Files\Fichiers communs\Microsoft Shared
[2004-11-17|10:37] C:\Program Files\Fichiers communs\MSSoap
[2008-09-23|11:26] C:\Program Files\Fichiers communs\muvee Technologies
[2008-09-23|11:25] C:\Program Files\Fichiers communs\Nikon
[2008-10-12|21:20] C:\Program Files\Fichiers communs\Oberon Media
[2004-11-17|10:29] C:\Program Files\Fichiers communs\ODBC
[2008-09-23|11:49] C:\Program Files\Fichiers communs\Real
[2004-09-17|15:47] C:\Program Files\Fichiers communs\Roxio Shared
[2004-11-17|10:37] C:\Program Files\Fichiers communs\Services
[2008-09-23|12:12] C:\Program Files\Fichiers communs\Sonic Shared
[2004-11-17|10:29] C:\Program Files\Fichiers communs\SpeechEngines
[2004-11-17|10:36] C:\Program Files\Fichiers communs\System
[2008-09-23|12:48] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[2008-09-23|11:50] C:\Program Files\Fichiers communs\xing shared
--------------------\\ Process
( 46 Processes )
iexplore.exe ~ [PID:3192]
iexplore.exe ~ [PID:3920]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-27 10:50:06
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:1][D:1]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:27][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:196][D:4]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
1 - "C:\Lop SD\LopR_1.txt" - 2008-11-27|10:50 - Option : [1]
--------------------\\ Fin du rapport a 10:50:35
Again with OTMoveIt3:
:Files
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
C:\Program Files\Viewpoint
C:\DOCUME~1\PROPRI~1\APPLIC~1\Viewpoint
Do you still get ads?
PS: the weather station program you have looks a bit dodgy to me; what do you think of it?
As for the weather station, I have never had a problem with it and it comes from MétéoMédia... it's a television channel in Canada, very reliable!
========== FILES ==========
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\Downloads\Cache moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager\Downloads moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Manager moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\UserShell moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully.
C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully.
C:\Program Files\Viewpoint\Common moved successfully.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images moved successfully.
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData moved successfully.
C:\Program Files\Viewpoint\Viewpoint Manager moved successfully.
C:\Program Files\Viewpoint moved successfully.
C:\DOCUME~1\PROPRI~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 moved successfully.
C:\DOCUME~1\PROPRI~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 moved successfully.
C:\DOCUME~1\PROPRI~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 moved successfully.
C:\DOCUME~1\PROPRI~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 moved successfully.
C:\DOCUME~1\PROPRI~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources moved successfully.
C:\DOCUME~1\PROPRI~1\APPLIC~1\Viewpoint\Viewpoint Media Player moved successfully.
C:\DOCUME~1\PROPRI~1\APPLIC~1\Viewpoint moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11272008_105845
========== FILES ==========
File/Folder C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint not found.
File/Folder C:\Program Files\Viewpoint not found.
File/Folder C:\DOCUME~1\PROPRI~1\APPLIC~1\Viewpoint not found.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11272008_110115
Faster than lightning! lol
OK, now I'm unfortunately going to stop your momentum, because we're going to run an anti-spyware scan :( (it takes a while, even if we only do a quick scan)
Run a scan with this anti-spyware:
Download Malwarebytes + tutorial:
-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Install it; the program will update itself automatically.
Once it is up to date, the program will start; click the settings tab and tick the box "Arrêter Internet Explorer pendant la suppression" (stop Internet Explorer during removal).
Now click the scan tab and tick the box "Exécuter un examen rapide" (run a quick scan).
Then click "Rechercher" (scan).
Let it scan the PC...
If items were found > click "Supprimer la sélection" (remove selected).
If you are asked to restart > click "yes".
At the end a report will open; save it somewhere you can find it again so that you can post it on the forum.
Copy and paste the report please.
@+
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1428
Windows 5.1.2600 Service Pack 3
2008-11-27 11:08:01
mbam-log-2008-11-27 (11-08-01).txt
Type de recherche: Examen rapide
Eléments examinés: 47695
Temps écoulé: 2 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Sorry, I never asked you for it...
Download HijackThis here:
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Installation tutorial: (thanks to Balltrap34 for making it)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Usage tutorial (video): (thanks to Balltrap34 for making it)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
Please post the generated report here...
@+
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:45, on 2008-11-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fsympatico.msn.ca%2fdefaultf.aspx%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095451520406
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1223237980496&h=b8bb55125975d33e1022fcd9fa09e0ad/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Viewpoint Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
OK
Using HijackThis, tick and fix the following lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
How to fix:
Usage tutorial (video): (thanks to Balltrap34 for making it)
-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
---------
"Démarrer" > "Exécuter" (Start > Run) > type cmd > confirm with OK
In the black window, type the following, taking care to respect the spaces and quotation marks:
sc stop "Viewpoint Service" ==> [Enter]
and
sc delete "Viewpoint Service" ==> [Enter]
--------
then
have a look at this about avast:
antivir vs avast:
-> http://forum.malekal.com/ftopic3528.php
so I advise you to uninstall it and install Antivir instead
Download and install the Antivir Personal Edition Classic antivirus:
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
Settings:
in pictures:
http://speedweb1.free.fr/frames2.php?page=tuto5
my explanations:
once Antivir is open, click configuration and tick the "expert mode" box, then on the scanner tab, in the window below, you will see: rootkit search; click the small + to expand it and tick the box next to your hard disk
for those who don't see rootkit search: click the umbrella in your taskbar > in the Antivir window click local protection, then click scanner
in the right-hand window: you have rootkit search towards the bottom > expand it by clicking the small +
and tick your disks...
then click configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below > scanner priority = High
tick: allow stopping the scanner, so that you can pause during the scan if you wish.
then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
untick:
ignore off line files
still on the left > scan > expand > heuristic > macrovirus heuristic = ticked and below > win32 heuristic box ticked and high detection level
I'm telling you all this because I'd like you to run a full scan of your machine with Antivir using the settings given above, and to post the generated report here please
it's to check :)
then for more security:
SpywareBlaster:
http://www.brightfort.com/spywareblaster.html
it's a resident program; you just need to update it from time to time because the free version doesn't do it by itself; once installed and updated, set all the protections to "enable"
tutorial: https://www.malekal.com/tutorial-spywareblaster/
+
SpywareGuard:
https://www.zebulon.fr/dossiers/securite/47-spywareguard.html
and
you don't have a firewall:
firewall: Kerio
download: http://www.filehippo.com/download_sunbelt_personal_firewall/tech/468/
tutorial:
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
or
Comodo 3 pro:
http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro
tutorial: https://www.malekal.com/tutorial-comodo-firewall/
or
Online Armor:
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
tutorial: https://www.malekal.com/tutorial-online-armor-free/
or ZoneAlarm, easier to configure but less effective
https://www.malekal.com/tutoriel-zonealarm-firewall/
so post the Antivir report
good luck ;-)
@+
@++
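The cleanup above leaves autorun and service entries whose files OTMoveIt3 has already moved (the HiYo Run key, the Viewpoint service). As an added example, not part of the thread or of any tool it mentions, this Python sketch cross-references the two logs to list such orphaned entries; the function names are hypothetical and the sample lines are excerpts of the logs posted on this page.

```python
import re
from typing import NamedTuple

# Excerpts copied from the OTMoveIt3 and HijackThis logs posted in this thread.
OTMOVEIT_LOG = r"""
c:\program files\HiYo\Bin moved successfully.
c:\program files\HiYo moved successfully.
C:\Program Files\Viewpoint\Common moved successfully.
C:\Program Files\Viewpoint moved successfully.
File/Folder C:\Program Files\Viewpoint not found.
"""
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Viewpoint Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
"""

MOVED_SUFFIX = " moved successfully."
MISSING_SUFFIX = "(file missing)"
SERVICE_PREFIX = "O23 - Service: "
O4_RUN_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# Quoted path, or an unquoted path up to the first executable-like extension.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|$)', re.I)


class Entry(NamedTuple):
    section: str        # "O4" (autorun) or "O23" (service)
    name: str           # Run value name, shortcut name or service display name
    target: str         # executable path as written in the log
    file_missing: bool  # HijackThis appended "(file missing)"


def norm(path: str) -> str:
    """Case-insensitive comparison form. 8.3 short names (DOCUME~1) are not expanded."""
    return path.strip().rstrip("\\").lower()


def command_target(command: str) -> str:
    """Strip arguments from a command line, keeping only the executable path."""
    m = TARGET_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def moved_paths(log: str) -> set:
    """Paths that OTMoveIt3 reports as moved (i.e. no longer at their original location)."""
    lines = (line.strip() for line in log.splitlines())
    return {norm(l[: -len(MOVED_SUFFIX)]) for l in lines if l.endswith(MOVED_SUFFIX)}


def parse_hijackthis(log: str) -> list:
    """Extract O4 (startup) and O23 (service) entries from a HijackThis log."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        missing = line.endswith(MISSING_SUFFIX)
        if missing:
            line = line[: -len(MISSING_SUFFIX)].rstrip()
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            entries.append(Entry("O4", m["name"], command_target(m["cmd"]), missing))
        elif line.startswith(SERVICE_PREFIX):
            # Layout: display name - company - path; split from the right.
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                entries.append(Entry("O23", parts[0], command_target(parts[2]), missing))
    return entries


def find_orphans(entries: list, moved: set) -> list:
    """Return (section, name, reasons) for entries that point at removed files."""
    findings = []
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("HijackThis reports (file missing)")
        target = norm(e.target)
        parents = sorted((d for d in moved if target.startswith(d + "\\")), key=len)
        if parents:
            reasons.append("target is under moved path " + parents[0])
        if reasons:
            findings.append((e.section, e.name, reasons))
    return findings


if __name__ == "__main__":
    found = find_orphans(parse_hijackthis(HIJACKTHIS_LOG), moved_paths(OTMOVEIT_LOG))
    for section, name, reasons in found:
        print(f"{section} {name}: " + "; ".join(reasons))
```
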