Need your help because of a huge virus
Solved
acrobatika
jfkpresident - Posts: 13408 - Status: Security contributor
Hi everyone, I really need help. For some time now I have had a black desktop background with "DANGEROUS SPYWARE ...." written on it, and when I try to change the background it is locked. On the taskbar there is a red circle with a white cross, and a message pops up telling me "WARNING! SECURITY REPORT YOUR COMPUTER IS INFECTED...."
I would like you to tell me what this is and how I can fix it.
acrobatika
37 replies
Hi, I found some information about GroupPolicy and apparently it is legitimate, so no worries.
> Close all your browsers (so copy or print these instructions first)
- Create a new text document: right-click on the desktop > New > Text Document, and copy/paste the following lines into it:
Driver::
dunmyhik6yp
Folder::
c:\program files\AskPBar
File::
c:\windows\system32\winhlp.exe
c:\windows\system32\windows_update.exe
- Save this file under the name CFScript
- Drag and drop this CFScript file onto the ComboFix.exe file, as shown in this image. (Click on the CFScript file, hold the mouse button down and drag so that the CFScript icon covers the ComboFix icon. Release the mouse button.) ComboFix will start.
- A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
- Do not touch anything until the scan has finished, otherwise the PC may crash!
- Once the scan is complete, a report will be displayed: post its contents.
Note: If the file does not open, it can be found here > C:\ComboFix.txt
ComboFix 08-12-17.01 - yasmina 2008-12-22 20:47:11.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.767.332 [GMT 1:00]
Lancé depuis: c:\documents and settings\yasmina\Bureau\Combo-Fix.exe
Commutateurs utilisés :: c:\documents and settings\yasminaa\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\system32\windows_update.exe
c:\windows\system32\winhlp.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\InvitÚ\Local Settings\Temporary Internet Files\
c:\program files\AskPBar
c:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
c:\windows\system32\win32hlp.cnf
c:\windows\system32\windows_update.exe
c:\windows\system32\winhlp.exe
[COLOR=RED] c:\windows\system32\userinit.exe . . . est infecté!![/COLOR]
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
.
2008-12-21 00:22 . 2008-12-22 20:54 <REP> d-------- c:\documents and settings\yasmina \Tracing
2008-12-20 23:51 . 2008-12-20 23:51 <REP> d-------- c:\program files\Microsoft Sync Framework
2008-12-20 23:44 . 2008-12-20 23:44 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-20 23:44 . 2008-12-20 23:44 <REP> d-------- c:\program files\Microsoft
2008-12-20 23:34 . 2008-12-20 23:34 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-19 19:29 . 2008-12-19 19:30 59,800 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-12-18 16:06 . 2008-12-18 16:07 <REP> d-------- c:\program files\Windows Live Safety Center
2008-12-17 14:59 . 2008-12-21 01:18 <REP> d-------- C:\Lop SD
2008-12-16 20:39 . 2008-12-16 20:39 <REP> d-------- c:\windows\ERUNT
2008-12-16 20:32 . 2008-12-16 21:06 <REP> d-------- C:\SDFix
2008-12-15 19:16 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-07 14:36 . 2008-12-07 14:36 <REP> d--hs---- C:\Diskeeper
2008-12-07 14:35 . 2008-12-07 14:35 <REP> d-------- c:\program files\Diskeeper Corporation
2008-12-07 14:35 . 2008-12-07 14:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2008-12-07 14:15 . 2008-12-07 14:15 <REP> d--h----- c:\windows\system32\GroupPolicy
2008-12-06 22:33 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-12-06 22:33 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-12-06 22:33 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-12-06 22:33 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-12-06 22:33 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-12-06 22:33 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-12-06 22:33 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-06 22:33 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-05 00:11 . 2008-12-05 00:11 308,584 --a------ c:\windows\WLXPGSS.SCR
2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
2008-12-02 17:07 . 2008-12-02 17:07 <REP> d-------- c:\documents and settings\La famille
2008-11-27 16:26 . 2008-11-27 16:26 <REP> d-------- c:\program files\SAGEM
2008-11-27 16:26 . 2008-11-27 16:26 <REP> d-------- c:\documents and settings\yasmina\Application Data\InstallShield
2008-11-26 15:11 . 2008-11-26 15:11 10,584,058 --a------ c:\windows\system32\bilallll.wav
2008-11-23 01:19 . 2008-11-23 01:19 100,352 --a------ c:\windows\system32\drivers\dunmyhik6yp.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 19:32 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 1
2008-12-22 18:26 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-20 23:58 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-20 22:52 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-20 22:52 --------- d-----w c:\program files\Windows Live
2008-12-20 15:56 --------- d-----w c:\program files\VDOWNLOADERvideo
2008-12-15 21:27 --------- d-----w c:\program files\Google
2008-12-10 20:56 --------- d-----w c:\program files\PhotoScape
2008-12-10 20:09 --------- d-----w c:\program files\Picasa2
2008-11-27 15:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 19:49 --------- d-----w c:\program files\PhotoFiltre
2008-11-21 18:32 --------- d-----w c:\program files\photoKC Softwares
2008-11-21 18:32 --------- d-----w c:\documents and settings\yasmina\Application Data\KC Softwares
2008-11-17 15:33 --------- d-----w c:\program files\Gdot
2008-11-15 17:58 --------- d-----w c:\program files\Jasc Software Inc
2008-11-15 17:58 --------- d-----w c:\documents and settings\yasmina\Application Data\Jasc
2008-11-15 17:57 --------- d-----w c:\program files\animation shopJasc Software Inc
2008-11-15 17:42 --------- d-----w c:\program files\Corel
2008-11-15 17:18 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-15 17:15 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-15 17:15 --------- d-----w c:\documents and settings\yasmina\Application Data\Corel
2008-11-15 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-11-14 21:26 --------- d-----w c:\program files\Samsung
2008-11-14 15:55 --------- d-----w c:\program files\MSXML 4.0
2008-11-11 17:04 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-11 16:35 --------- d-----w c:\documents and settings\yasmina\Application Data\Samsung
2008-11-11 16:01 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-11 15:18 --------- d-----w c:\program files\Adobe CS3
2008-11-11 14:48 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-10 14:09 --------- d-----w c:\program files\Fichiers communs\Macromedia
2008-11-09 14:31 --------- d-----w c:\documents and settings\yasmina \Application Data\OpenOffice.org
2008-11-09 13:35 --------- d-----w c:\program files\HP
2008-11-08 16:23 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-08 16:21 --------- d-----w c:\program files\Windows Installer Clean Up
2008-11-08 00:13 --------- d-----w c:\program files\Fichiers communs\Windows Live Installer
2008-11-07 23:47 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-11-07 23:44 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-07 22:39 --------- d-----w c:\program files\CCleaner
2008-11-07 16:06 --------- d-----w c:\documents and settings\yasmina\Application Data\NCH Swift Sound
2008-11-07 16:04 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-07 15:50 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-07 15:50 --------- d-----w c:\program files\OpenOffice.org 2.3
2008-11-07 15:50 --------- d-----w c:\program files\JRE
2008-11-07 15:49 --------- d-----w c:\program files\Java
2008-11-07 15:48 --------- d-----w c:\program files\Fichiers communs\Java
2008-11-07 15:47 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-11-06 21:48 --------- d-----w c:\program files\microsoft frontpage
2008-11-06 21:48 --------- d-----w c:\documents and settings\yasmina\Application Data\Microsoft Web Folders
2008-11-06 21:42 --------- d-----w c:\program files\ahead
2008-11-06 21:36 --------- d-----w c:\program files\Athan
2008-11-03 19:12 --------- d-----w c:\program files\Conduit
2008-11-03 19:12 --------- d-----w c:\program files\Au_Coeur_de_l'Islam
2008-11-03 19:12 --------- d-----w c:\documents and settings\yasmina\Application Data\Yahoo!
2008-11-03 15:02 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-03 00:44 --------- d-----w c:\program files\Yahoo!
2008-11-03 00:38 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-02 23:46 --------- d-----w c:\program files\Alwil Software
2008-11-01 22:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-01 21:22 --------- d-----w c:\documents and settings\yasmina\Application Data\Media Player Classic
2008-11-01 19:41 118,842 -c----r c:\windows\bwUnin-6.3.2.123-6588780L.exe
2008-11-01 19:41 --------- d-----w c:\program files\AntivirusFirewall
2008-11-01 16:11 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-01 16:11 --------- d-----w c:\documents and settings\yasmina\Application Data\Malwarebytes
2008-11-01 16:11 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-01 10:39 14,645 ----a-w c:\program files\Fichiers communs\casekap.com
2008-10-31 23:00 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-10-31 18:34 12,758 ----a-w c:\program files\Fichiers communs\bisokyjy.sys
2008-10-30 10:13 19,798 ----a-w c:\documents and settings\All Users\Application Data\ehicidat.com
2008-10-30 10:13 18,506 ----a-w c:\program files\Fichiers communs\orecat.ban
2008-10-30 10:13 18,459 ----a-w c:\windows\ecozejywej.vbs
2008-10-30 10:13 13,885 ----a-w c:\program files\Fichiers communs\gigiq.pif
2008-10-30 10:13 13,381 ----a-w c:\documents and settings\All Users\Application Data\uwum.scr
2008-10-30 10:13 11,749 ----a-w c:\program files\Fichiers communs\enusuwy.bin
2008-10-29 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-29 18:14 --------- d-----w c:\program files\Lavasoft
2008-10-29 18:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-29 15:23 --------- d-----w c:\program files\QuickTime
2008-10-29 15:23 --------- d-----w c:\program files\Orange
2008-10-29 15:23 --------- d-----w c:\program files\iTunes
2008-10-29 15:23 --------- d-----w c:\program files\iPod
2008-10-29 15:23 --------- d-----w c:\program files\Hewlett-Packard
2008-10-29 15:23 --------- d-----w c:\program files\Fichiers communs\LightScribe
2008-10-29 15:23 --------- d-----w c:\program files\Fichiers communs\HP
2008-10-29 15:22 --------- d-----w c:\program files\Bonjour
2008-10-29 15:22 --------- d-----w c:\program files\Acer WLAN 11g USB Dongle
2008-10-29 11:29 18,632 ----a-w c:\documents and settings\All Users\Application Data\qebaxomojo.scr
2008-10-28 16:28 12,170 ----a-w c:\windows\wubocihyt.exe
2008-10-28 16:28 11,970 ----a-w c:\documents and settings\All Users\Application Data\lyxase.bin
2008-10-28 16:28 11,299 ----a-w c:\documents and settings\All Users\Application Data\oroso.sys
2008-10-27 16:52 500 ----a-w c:\windows\Fonts\XXII FontRightInfo.rtf
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-18_21.11.13.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-20 22:44:13 62,288 ----a-r c:\windows\Installer\{01523985-2098-43AF-9C97-12B07BE02A9B}\IconWlc.exe
+ 2008-12-20 23:21:59 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2008-12-20 22:51:20 132,096 ----a-r c:\windows\Installer\{43563ACB-371B-4C58-8979-B192B390424C}\WLXPhotoGalleryIcon.exe
+ 2008-12-20 22:47:42 58,945 ----a-r c:\windows\Installer\{63DC2DA0-2A6C-4C38-9249-B75395458657}\wlmail.exe
- 2008-12-18 19:55:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-21 17:25:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-18 19:55:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-12-21 17:25:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-12-18 19:55:41 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-21 17:25:21 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-14 02:34:26 26,624 -c--a-w c:\windows\system32\dllcache\userinit.exe
- 2008-12-16 18:05:31 1,544,256 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-19 15:17:04 1,553,208 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-12-08 11:35:33 141,312 ----a-w c:\windows\system32\userinit.exe
+ 2008-04-14 02:34:26 26,624 ----a-w c:\windows\system32\userinit.exe
+ 2007-12-03 17:58:42 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcm80.dll
+ 2007-12-04 01:56:54 558,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcp80.dll
+ 2007-12-04 01:56:56 635,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcr80.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebe28f40-dd8e-4a88-bbf1-d246defe14bd}]
2008-09-15 06:47 1784856 --a------ c:\program files\Au_Coeur\tbAu_C.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ebe28f40-dd8e-4a88-bbf1-d246defe14bd}"= "c:\program files\Au_Coeur\tbAu_C.dll" [2008-09-15 1784856]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBE28F40-DD8E-4A88-BBF1-D246DEFE14BD}"= "c:\program files\Au_Coeur\tbAu_C.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{ebe28f40-dd8e-4a88-bbf1-d246defe14bd}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-11 86016]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"Athan"="c:\program files\Athan\Athan.exe" [2007-09-06 1003520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
"nwiz"="nwiz.exe" [2006-07-11 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 c:\windows\Alcmtr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;c:\progra~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-11-01 32807]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-10 14336]
R2 SeaPort;SeaPort;"c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [2008-12-04 226640]
S2 OPTENET_FILTER;Control Parental;c:\program files\Controle Parental\bin\optproxy.exe []
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe []
.
Contenu du dossier 'Tâches planifiées'
2008-12-21 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []
2008-11-06 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\ANTIVI~1\ANTI-V~1\fsav.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-<NO NAME> - (no file)
HKU-Default-Run-user16 - c:\windows\system32\winhlp.exe
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Bloquer cette fenêtre publicitaire - c:\program files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD
FF - ProfilePath - c:\documents and settings\yasmina\Application Data\Mozilla\Firefox\Profiles\a415xrhe.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 20:53:12
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AntivirusFirewall\backweb\6588780\Program\fsbwsys.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2008-12-22 21:02:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-22 20:02:05
ComboFix2.txt 2008-12-18 20:15:39
Avant-CF: 62 420 361 216 octets libres
Après-CF: 62,566,146,048 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
396 --- E O F --- 2008-12-22 02:00:46
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.767.332 [GMT 1:00]
Lancé depuis: c:\documents and settings\yasmina\Bureau\Combo-Fix.exe
Commutateurs utilisés :: c:\documents and settings\yasminaa\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\system32\windows_update.exe
c:\windows\system32\winhlp.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Invité\Local Settings\Temporary Internet Files\
c:\program files\AskPBar
c:\program files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
c:\windows\system32\win32hlp.cnf
c:\windows\system32\windows_update.exe
c:\windows\system32\winhlp.exe
c:\windows\system32\userinit.exe . . . est infecté!!
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-22 au 2008-12-22 ))))))))))))))))))))))))))))))))))))
.
2008-12-21 00:22 . 2008-12-22 20:54 <REP> d-------- c:\documents and settings\yasmina \Tracing
2008-12-20 23:51 . 2008-12-20 23:51 <REP> d-------- c:\program files\Microsoft Sync Framework
2008-12-20 23:44 . 2008-12-20 23:44 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-20 23:44 . 2008-12-20 23:44 <REP> d-------- c:\program files\Microsoft
2008-12-20 23:34 . 2008-12-20 23:34 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-19 19:29 . 2008-12-19 19:30 59,800 --a------ c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-12-18 16:06 . 2008-12-18 16:07 <REP> d-------- c:\program files\Windows Live Safety Center
2008-12-17 14:59 . 2008-12-21 01:18 <REP> d-------- C:\Lop SD
2008-12-16 20:39 . 2008-12-16 20:39 <REP> d-------- c:\windows\ERUNT
2008-12-16 20:32 . 2008-12-16 21:06 <REP> d-------- C:\SDFix
2008-12-15 19:16 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2008-12-07 14:36 . 2008-12-07 14:36 <REP> d--hs---- C:\Diskeeper
2008-12-07 14:35 . 2008-12-07 14:35 <REP> d-------- c:\program files\Diskeeper Corporation
2008-12-07 14:35 . 2008-12-07 14:35 <REP> d-------- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2008-12-07 14:15 . 2008-12-07 14:15 <REP> d--h----- c:\windows\system32\GroupPolicy
2008-12-06 22:33 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-12-06 22:33 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-12-06 22:33 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-12-06 22:33 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-12-06 22:33 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-12-06 22:33 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-12-06 22:33 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-06 22:33 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-05 00:11 . 2008-12-05 00:11 308,584 --a------ c:\windows\WLXPGSS.SCR
2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
2008-12-02 17:07 . 2008-12-02 17:07 <REP> d-------- c:\documents and settings\La famille
2008-11-27 16:26 . 2008-11-27 16:26 <REP> d-------- c:\program files\SAGEM
2008-11-27 16:26 . 2008-11-27 16:26 <REP> d-------- c:\documents and settings\yasmina\Application Data\InstallShield
2008-11-26 15:11 . 2008-11-26 15:11 10,584,058 --a------ c:\windows\system32\bilallll.wav
2008-11-23 01:19 . 2008-11-23 01:19 100,352 --a------ c:\windows\system32\drivers\dunmyhik6yp.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-22 19:32 --------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 1
2008-12-22 18:26 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-20 23:58 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-20 22:52 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-20 22:52 --------- d-----w c:\program files\Windows Live
2008-12-20 15:56 --------- d-----w c:\program files\VDOWNLOADERvideo
2008-12-15 21:27 --------- d-----w c:\program files\Google
2008-12-10 20:56 --------- d-----w c:\program files\PhotoScape
2008-12-10 20:09 --------- d-----w c:\program files\Picasa2
2008-11-27 15:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 19:49 --------- d-----w c:\program files\PhotoFiltre
2008-11-21 18:32 --------- d-----w c:\program files\photoKC Softwares
2008-11-21 18:32 --------- d-----w c:\documents and settings\yasmina\Application Data\KC Softwares
2008-11-17 15:33 --------- d-----w c:\program files\Gdot
2008-11-15 17:58 --------- d-----w c:\program files\Jasc Software Inc
2008-11-15 17:58 --------- d-----w c:\documents and settings\yasmina\Application Data\Jasc
2008-11-15 17:57 --------- d-----w c:\program files\animation shopJasc Software Inc
2008-11-15 17:42 --------- d-----w c:\program files\Corel
2008-11-15 17:18 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-15 17:15 --------- d-----w c:\program files\Fichiers communs\InstallShield
2008-11-15 17:15 --------- d-----w c:\documents and settings\yasmina\Application Data\Corel
2008-11-15 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-11-14 21:26 --------- d-----w c:\program files\Samsung
2008-11-14 15:55 --------- d-----w c:\program files\MSXML 4.0
2008-11-11 17:04 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-11 16:35 --------- d-----w c:\documents and settings\yasmina\Application Data\Samsung
2008-11-11 16:01 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-11 15:18 --------- d-----w c:\program files\Adobe CS3
2008-11-11 14:48 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-10 14:09 --------- d-----w c:\program files\Fichiers communs\Macromedia
2008-11-09 14:31 --------- d-----w c:\documents and settings\yasmina \Application Data\OpenOffice.org
2008-11-09 13:35 --------- d-----w c:\program files\HP
2008-11-08 16:23 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-08 16:21 --------- d-----w c:\program files\Windows Installer Clean Up
2008-11-08 00:13 --------- d-----w c:\program files\Fichiers communs\Windows Live Installer
2008-11-07 23:47 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-11-07 23:44 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-07 22:39 --------- d-----w c:\program files\CCleaner
2008-11-07 16:06 --------- d-----w c:\documents and settings\yasmina\Application Data\NCH Swift Sound
2008-11-07 16:04 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2008-11-07 15:50 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-07 15:50 --------- d-----w c:\program files\OpenOffice.org 2.3
2008-11-07 15:50 --------- d-----w c:\program files\JRE
2008-11-07 15:49 --------- d-----w c:\program files\Java
2008-11-07 15:48 --------- d-----w c:\program files\Fichiers communs\Java
2008-11-07 15:47 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-11-06 21:48 --------- d-----w c:\program files\microsoft frontpage
2008-11-06 21:48 --------- d-----w c:\documents and settings\yasmina\Application Data\Microsoft Web Folders
2008-11-06 21:42 --------- d-----w c:\program files\ahead
2008-11-06 21:36 --------- d-----w c:\program files\Athan
2008-11-03 19:12 --------- d-----w c:\program files\Conduit
2008-11-03 19:12 --------- d-----w c:\program files\Au_Coeur_de_l'Islam
2008-11-03 19:12 --------- d-----w c:\documents and settings\yasmina\Application Data\Yahoo!
2008-11-03 15:02 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-03 00:44 --------- d-----w c:\program files\Yahoo!
2008-11-03 00:38 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-02 23:46 --------- d-----w c:\program files\Alwil Software
2008-11-01 22:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-01 21:22 --------- d-----w c:\documents and settings\yasmina\Application Data\Media Player Classic
2008-11-01 19:41 118,842 -c----r c:\windows\bwUnin-6.3.2.123-6588780L.exe
2008-11-01 19:41 --------- d-----w c:\program files\AntivirusFirewall
2008-11-01 16:11 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-01 16:11 --------- d-----w c:\documents and settings\yasmina\Application Data\Malwarebytes
2008-11-01 16:11 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-01 10:39 14,645 ----a-w c:\program files\Fichiers communs\casekap.com
2008-10-31 23:00 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-10-31 18:34 12,758 ----a-w c:\program files\Fichiers communs\bisokyjy.sys
2008-10-30 10:13 19,798 ----a-w c:\documents and settings\All Users\Application Data\ehicidat.com
2008-10-30 10:13 18,506 ----a-w c:\program files\Fichiers communs\orecat.ban
2008-10-30 10:13 18,459 ----a-w c:\windows\ecozejywej.vbs
2008-10-30 10:13 13,885 ----a-w c:\program files\Fichiers communs\gigiq.pif
2008-10-30 10:13 13,381 ----a-w c:\documents and settings\All Users\Application Data\uwum.scr
2008-10-30 10:13 11,749 ----a-w c:\program files\Fichiers communs\enusuwy.bin
2008-10-29 18:15 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-29 18:14 --------- d-----w c:\program files\Lavasoft
2008-10-29 18:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-29 15:23 --------- d-----w c:\program files\QuickTime
2008-10-29 15:23 --------- d-----w c:\program files\Orange
2008-10-29 15:23 --------- d-----w c:\program files\iTunes
2008-10-29 15:23 --------- d-----w c:\program files\iPod
2008-10-29 15:23 --------- d-----w c:\program files\Hewlett-Packard
2008-10-29 15:23 --------- d-----w c:\program files\Fichiers communs\LightScribe
2008-10-29 15:23 --------- d-----w c:\program files\Fichiers communs\HP
2008-10-29 15:22 --------- d-----w c:\program files\Bonjour
2008-10-29 15:22 --------- d-----w c:\program files\Acer WLAN 11g USB Dongle
2008-10-29 11:29 18,632 ----a-w c:\documents and settings\All Users\Application Data\qebaxomojo.scr
2008-10-28 16:28 12,170 ----a-w c:\windows\wubocihyt.exe
2008-10-28 16:28 11,970 ----a-w c:\documents and settings\All Users\Application Data\lyxase.bin
2008-10-28 16:28 11,299 ----a-w c:\documents and settings\All Users\Application Data\oroso.sys
2008-10-27 16:52 500 ----a-w c:\windows\Fonts\XXII FontRightInfo.rtf
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-18_21.11.13.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-21 14:41:15 27,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\c6772fd12a581ad3be49e3f2a80b5622\Accessibility.ni.dll
+ 2008-12-21 14:41:29 884,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\a1d353edc300e3aff0784202f68a657b\AspNetMMCExt.ni.dll
+ 2008-12-21 14:43:31 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c10ec9b4de2b366236ec83237dc31281\CustomMarshalers.ni.dll
+ 2008-12-21 14:43:31 15,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
+ 2008-12-21 14:43:33 876,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\9710a3c0d11dd264c3a6b88977699e9b\Microsoft.Build.Engine.ni.dll
+ 2008-12-21 14:43:33 81,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\e2858a45971fb30b0c0523dbb52c1d4e\Microsoft.Build.Framework.ni.dll
+ 2008-12-21 14:43:36 1,695,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\63d69ffdf3c640d2d104a4b74e8115f8\Microsoft.Build.Tasks.ni.dll
+ 2008-12-21 14:43:37 167,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\11cb5418c06e30100616fbf205588489\Microsoft.Build.Utilities.ni.dll
+ 2008-12-21 14:43:39 1,740,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\923bd55258380eae77353d36a5a1b08f\Microsoft.VisualBasic.ni.dll
+ 2008-12-21 14:42:54 17,920 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\cd0730694ba5927a6efd32129783e1b4\Microsoft.VisualC.ni.dll
+ 2008-12-21 14:41:14 11,722,752 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll
+ 2008-12-21 14:43:19 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\c46625ea87db53ccf6194fe17ee05c19\System.Configuration.Install.ni.dll
+ 2008-12-21 14:41:45 1,011,712 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll
+ 2008-12-21 14:43:17 1,183,744 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\1abdb47765d0696a2fc0a1095bac0249\System.Data.OracleClient.ni.dll
+ 2008-12-21 14:41:58 2,756,608 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\e59504af41afab5e04681af951d9b302\System.Data.SqlXml.ni.dll
+ 2008-12-21 14:42:53 7,049,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\5f669e819da7010c1dca347a25597c42\System.Data.ni.dll
+ 2008-12-21 14:42:19 1,798,144 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7dea4895e1fa33d65e448c03de48d26\System.Deployment.ni.dll
+ 2008-12-21 14:43:14 10,969,088 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\c1e16b40e30a05c39be8aee46311841c\System.Design.ni.dll
+ 2008-12-21 14:42:58 1,224,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\914668b240550f529e54bb772c6fc881\System.DirectoryServices.ni.dll
+ 2008-12-21 14:43:18 512,000 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f11bc82c09955cb8438d3885a99c297d\System.DirectoryServices.Protocols.ni.dll
+ 2008-12-21 14:43:14 229,376 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b974f6c17d17a533adf6e7710c5a62fa\System.Drawing.Design.ni.dll
+ 2008-12-21 14:42:01 1,667,072 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll
+ 2008-12-21 14:42:56 659,456 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.ni.dll
+ 2008-12-21 14:42:56 294,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\646131eda5f21f4e6216733d49c22c56\System.EnterpriseServices.Wrapper.dll
+ 2008-12-21 14:42:59 815,104 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0898f6c1de8cb89413d206e3d6a3ce1d\System.Runtime.Remoting.ni.dll
+ 2008-12-21 14:42:18 339,968 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1f5cf8178029f5b959a9af75cb8cfedb\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2008-12-21 14:41:59 733,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\2b5994269cc5b996231c9b21afea9a91\System.Security.ni.dll
+ 2008-12-21 14:43:18 233,472 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\193ac978af569ad9ee45110b359961b9\System.ServiceProcess.ni.dll
+ 2008-12-21 14:42:55 679,936 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\12e0aa1030badf4524f897e3f57b037a\System.Transactions.ni.dll
+ 2008-12-21 14:43:46 2,342,912 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\37d87b3cab1c66ec4430ebb2abeaa570\System.Web.Mobile.ni.dll
+ 2008-12-21 14:43:17 237,568 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5b81faf46fc63c20d5339b36edd02fa\System.Web.RegularExpressions.ni.dll
+ 2008-12-21 14:43:02 1,986,560 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\38991368499e2109ea4099a0fe29c5a3\System.Web.Services.ni.dll
+ 2008-12-21 14:42:43 12,509,184 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\67cfb70213562afe2ca9b9066764af3a\System.Web.ni.dll
+ 2008-12-21 14:42:17 13,193,216 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll
+ 2008-12-21 14:41:53 5,771,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll
+ 2008-12-21 14:41:27 8,265,728 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll
+ 2008-12-21 14:43:26 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\0cc727096eed2260b7046bd3d24a1f4d\WindowsLive.Client.ni.dll
+ 2008-12-21 14:43:19 475,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0591d4a408c4d383bbbd322537202e14\WindowsLive.Writer.Localization.ni.dll
+ 2008-12-21 14:43:29 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1247da6358f0ae60a40736d1f12d5682\WindowsLive.Writer.Instrumentation.ni.dll
+ 2008-12-21 14:41:43 868,352 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1ae3e1a67368946809ccd0c5f8607f83\WindowsLive.Writer.Controls.ni.dll
+ 2008-12-21 14:43:21 282,624 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1ce15998d2167008b20f4df3786332a9\WindowsLive.Writer.Mshtml.ni.dll
+ 2008-12-21 14:43:23 143,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3388246b38fef0a5c5e80a6c19e072d7\WindowsLive.Writer.Extensibility.ni.dll
+ 2008-12-21 14:43:20 131,072 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\802f80c75181ae08b1daa989d3a09c6c\WindowsLive.Writer.Passport.ni.dll
+ 2008-12-21 14:42:23 200,704 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\855809e4b9da1b9f5e2c5d7cd4c03fb3\WindowsLive.Writer.BrowserControl.ni.dll
+ 2008-12-21 14:43:22 1,155,072 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\88e4db025533ea201d11a7a5bc98ab41\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2008-12-21 14:42:22 2,080,768 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9c594e19bd66568a1b8515e2c1baf70f\WindowsLive.Writer.CoreServices.ni.dll
+ 2008-12-21 14:43:29 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a853dcf0cd025e0b7c564ea4f165814d\WindowsLive.Writer.FileDestinations.ni.dll
+ 2008-12-21 14:43:27 634,880 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b3f79926453c36ed53ec4c041b3c6521\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2008-12-21 14:43:25 921,600 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c417cc50227063fa8b4a79753c7dafbf\WindowsLive.Writer.BlogClient.ni.dll
+ 2008-12-21 14:43:23 114,688 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cdbe22b356cbac3fc3e92bad341a6fcf\WindowsLive.Writer.Api.ni.dll
+ 2008-12-21 14:42:23 335,872 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cffb44cd66b7dbdb08e436aa9a65a5e1\WindowsLive.Writer.Interop.ni.dll
+ 2008-12-21 14:43:28 376,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d0b5057d6946be858780d2bab7cb704e\WindowsLive.Writer.SpellChecker.ni.dll
+ 2008-12-21 14:42:24 348,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e606ee5c083456b61f01863dca1a33ed\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2008-12-21 14:42:24 335,872 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f30b32994901ac13621a8eefc45db051\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2008-12-21 14:42:25 176,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f5a60fe310f9cdcc16a7dbf1c74370d4\WindowsLive.Writer.HtmlParser.ni.dll
+ 2008-12-21 14:41:42 6,492,160 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f6c5806112b476aef1d9ad3ffc248b75\WindowsLive.Writer.PostEditor.ni.dll
+ 2008-12-21 14:43:30 634,880 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\7c9b8dd20719de2d217682c5bae14c1f\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2008-12-21 14:41:33 49,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\e5ff00962844cbac82804e888d2258be\WindowsLiveWriter.ni.exe
+ 2008-12-20 22:44:13 62,288 ----a-r c:\windows\Installer\{01523985-2098-43AF-9C97-12B07BE02A9B}\IconWlc.exe
+ 2008-12-20 23:21:59 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2008-12-20 22:51:20 132,096 ----a-r c:\windows\Installer\{43563ACB-371B-4C58-8979-B192B390424C}\WLXPhotoGalleryIcon.exe
+ 2008-12-20 22:47:42 58,945 ----a-r c:\windows\Installer\{63DC2DA0-2A6C-4C38-9249-B75395458657}\wlmail.exe
- 2008-12-18 19:55:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-21 17:25:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-18 19:55:41 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-12-21 17:25:21 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-12-18 19:55:41 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-21 17:25:21 49,152 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-14 02:34:26 26,624 -c--a-w c:\windows\system32\dllcache\userinit.exe
- 2008-12-16 18:05:31 1,544,256 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-19 15:17:04 1,553,208 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-12-08 11:35:33 141,312 ----a-w c:\windows\system32\userinit.exe
+ 2008-04-14 02:34:26 26,624 ----a-w c:\windows\system32\userinit.exe
+ 2007-12-03 17:58:42 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcm80.dll
+ 2007-12-04 01:56:54 558,080 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcp80.dll
+ 2007-12-04 01:56:56 635,904 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcr80.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebe28f40-dd8e-4a88-bbf1-d246defe14bd}]
2008-09-15 06:47 1784856 --a------ c:\program files\Au_Coeur\tbAu_C.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ebe28f40-dd8e-4a88-bbf1-d246defe14bd}"= "c:\program files\Au_Coeur\tbAu_C.dll" [2008-09-15 1784856]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBE28F40-DD8E-4A88-BBF1-D246DEFE14BD}"= "c:\program files\Au_Coeur\tbAu_C.dll" [2008-09-15 1784856]
[HKEY_CLASSES_ROOT\clsid\{ebe28f40-dd8e-4a88-bbf1-d246defe14bd}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-16 4347120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-11 86016]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"Athan"="c:\program files\Athan\Athan.exe" [2007-09-06 1003520]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
"nwiz"="nwiz.exe" [2006-07-11 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 c:\windows\Alcmtr.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)
"DisableTaskMgr"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"= 1 (0x1)
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AntivirusFirewall\\backweb\\6588780\\Program\\fspex.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R2 BackWeb Plug-in - 6588780;Antivirus Firewall;c:\progra~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2008-11-01 32807]
R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-10 14336]
R2 SeaPort;SeaPort;"c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [2008-12-04 226640]
S2 OPTENET_FILTER;Control Parental;c:\program files\Controle Parental\bin\optproxy.exe []
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe []
.
Contenu du dossier 'Tâches planifiées'
2008-12-21 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []
2008-11-06 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\ANTIVI~1\ANTI-V~1\fsav.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-<NO NAME> - (no file)
HKU-Default-Run-user16 - c:\windows\system32\winhlp.exe
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Bloquer cette fenêtre publicitaire - c:\program files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD
FF - ProfilePath - c:\documents and settings\yasmina\Application Data\Mozilla\Firefox\Profiles\a415xrhe.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.fr
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox 3.1 Beta 1\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 20:53:12
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AntivirusFirewall\backweb\6588780\Program\fsbwsys.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2008-12-22 21:02:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-22 20:02:05
ComboFix2.txt 2008-12-18 20:15:39
Avant-CF: 62 420 361 216 octets libres
Après-CF: 62,566,146,048 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
396 --- E O F --- 2008-12-22 02:00:46
Download OTMoveIt3 by OldTimer to your Desktop by clicking this link:
http://oldtimer.geekstogo.com/OTMoveIt3.exe
Double-click OTMoveIt3.exe to launch it.
Make sure the box next to "Unregister Dll's and Ocx's" is checked.
Copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: "Paste instructions for item to be moved".
:processes
explorer.exe
:Reg
:files
c:\windows\system32\drivers\dunmyhik6yp.sys
:services
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
Click "MoveIt!" to start the removal.
The result will appear in the "Results" pane.
Click "Exit" to close.
Post the report located in C:\_OTMoveIt\MovedFiles under the name xxxxxx_xxxxxxxxxx.log.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
========== FILES ==========
c:\windows\system32\drivers\dunmyhik6yp.sys moved successfully.
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\YASMIN~2\LOCALS~1\Temp\etilqs_j5Na42Gsh1FNqv3drYoX scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\YASMIN~2\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\YASMIN~2\LOCALS~1\Temp\~DF2A3C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\YASMIN~2\LOCALS~1\Temp\~DF424D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\YASMIN~2\LOCALS~1\Temp\~DF5683.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\yasmina \Local Settings\Application Data\Mozilla\Firefox\Profiles\a415xrhe.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\yasmina \Local Settings\Application Data\Mozilla\Firefox\Profiles\a415xrhe.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\yasmina \Local Settings\Application Data\Mozilla\Firefox\Profiles\a415xrhe.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\yasmina \Local Settings\Application Data\Mozilla\Firefox\Profiles\a415xrhe.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\yasmina\Local Settings\Application Data\Mozilla\Firefox\Profiles\a415xrhe.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\yasmina\Local Settings\Application Data\Mozilla\Firefox\Profiles\a415xrhe.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12232008_020955
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:17, on 23/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\yasmina \Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Au Coeur Toolbar - {ebe28f40-dd8e-4a88-bbf1-d246defe14bd} - C:\Program Files\Au_Coeur\tbAu_C.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Au Coeur de l'Islam Toolbar - {ebe28f40-dd8e-4a88-bbf1-d246defe14bd} - C:\Program Files\Au_Coeur\tbAu_C.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [userinit] C:\Documents and Settings\Invité\Application Data\twext.exe (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [xsjfn83jkemfofght] C:\WINDOWS\TEMP\winlogin.exe (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\INVIT~1\LOCALS~1\Temp\csrssc.exe (User 'Invité')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - S-1-5-21-761848118-1643587902-2477856012-501 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Invité')
O4 - S-1-5-21-761848118-1643587902-2477856012-501 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Invité')
O4 - S-1-5-21-761848118-1643587902-2477856012-501 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Invité')
O4 - S-1-5-21-761848118-1643587902-2477856012-501 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Invité')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [userinit] C:\Documents and Settings\Invité\Application Data\twext.exe (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [xsjfn83jkemfofght] C:\WINDOWS\TEMP\winlogin.exe (User 'Invité')
O4 - HKUS\S-1-5-21-761848118-1643587902-2477856012-501\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\INVIT~1\LOCALS~1\Temp\csrssc.exe (User 'Invité')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - S-1-5-21-761848118-1643587902-2477856012-501 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Invité')
O4 - S-1-5-21-761848118-1643587902-2477856012-501 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Invité')
O4 - S-1-5-21-761848118-1643587902-2477856012-501 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Invité')
O4 - S-1-5-21-761848118-1643587902-2477856012-501 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Invité')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Diskeeper - Unknown owner - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (file missing)
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
I've just noticed something.
I'd like you to run LopS&D again, but this time from your "Invité" (guest) session. Choose option 1 and paste the report for me.
I can't do it, it gives me "access denied" on several lines.
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : yasmina( Administrator )
BOOT : Normal boot
Firewall : AntiVirus Firewall 6.15 6.15 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:56 Go)
D:\ (Local Disk) - FAT32 - Total:71 Go (Free:71 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 18/12/2008|13:48 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\YASMIN~2\LOCALS~1\Temp\nsp48.tmp
Supprime! - C:\DOCUME~1\YASMIN~2\LOCALS~1\Temp\nsqCD.tmp
Supprime! - C:\DOCUME~1\YASMIN~2\LOCALS~1\Temp\nszE6.tmp
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[11/11/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[12/04/2007|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
[12/05/2008|15:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[12/05/2008|15:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[09/04/2008|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[05/11/2006|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[07/12/2008|14:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Diskeeper Corporation
[01/11/2008|00:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[11/11/2008|17:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
[04/11/2006|20:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\F-Secure
[27/11/2006|15:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[16/12/2008|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[05/11/2006|13:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[15/11/2008|18:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[15/06/2008|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar2
[29/10/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[01/11/2008|17:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[15/06/2008|20:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[01/11/2008|18:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[07/11/2008|17:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[07/11/2006|20:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
[28/12/2007|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[29/04/2007|15:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
[25/05/2008|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Recisio
[01/11/2008|23:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[13/12/2006|22:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[04/11/2006|20:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[08/11/2008|17:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[03/11/2008|01:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
[03/11/2008|16:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[15/04/2007|17:58] C:\DOCUME~1\DAOUD~1.ACE\APPLIC~1\Adobe
[16/04/2007|19:47] C:\DOCUME~1\DAOUD~1.ACE\APPLIC~1\AdobeUM
[03/03/2007|20:45] C:\DOCUME~1\DAOUD~1.ACE\APPLIC~1\CyberLink
[05/04/2007|19:52] C:\DOCUME~1\DAOUD~1.ACE\APPLIC~1\F-Secure
[02/03/2007|21:30] C:\DOCUME~1\DAOUD~1.ACE\APPLIC~1\Google
[04/04/2007|09:48] C:\DOCUME~1\DAOUD~1.ACE\APPLIC~1\Help
[18/09/2006|01:52] C:\DOCUME~1\DAOUD~1.ACE\APPLIC~1\Identities
[02/03/2007|19:07] C:\DOCUME~1\DAOUD~1.ACE\APPLIC~1\ispnews
[05/06/2008|20:15] C:\DOCUME~1\DAOUD~1.ACE\APPLIC~1\Macromedia
[29/04/2007|15:07] C:\DOCUME~1\DAOUD~1.ACE\APPLIC~1\Media Player Classic
[29/10/2008|17:53] C:\DOCUME~1\DAOUD~1.ACE\APPLIC~1\Microsoft
[17/02/2008|12:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
[18/09/2006|01:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[18/09/2006|01:52] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[17/02/2008|12:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/02/2008|13:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Mozilla
[11/02/2008|13:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Talkback
[26/10/2008|20:06] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe
[16/05/2008|17:35] C:\DOCUME~1\INVIT~1\APPLIC~1\F-Secure
[24/09/2008|12:33] C:\DOCUME~1\INVIT~1\APPLIC~1\Google
[18/09/2006|01:52] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities
[13/03/2008|18:32] C:\DOCUME~1\INVIT~1\APPLIC~1\ispnews
[15/11/2008|19:02] C:\DOCUME~1\INVIT~1\APPLIC~1\Jasc
[28/10/2008|10:58] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia
[26/09/2008|16:55] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft
[03/11/2008|16:38] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla
[14/11/2008|18:55] C:\DOCUME~1\INVIT~1\APPLIC~1\OpenOffice.org
[29/10/2008|13:14] C:\DOCUME~1\INVIT~1\APPLIC~1\OpenOffice.org2
[26/09/2008|18:21] C:\DOCUME~1\INVIT~1\APPLIC~1\PowerChallenge
[24/09/2008|12:35] C:\DOCUME~1\INVIT~1\APPLIC~1\Real
[26/09/2008|18:08] C:\DOCUME~1\INVIT~1\APPLIC~1\Sun
[11/02/2008|13:58] C:\DOCUME~1\INVIT~1\APPLIC~1\Talkback
[27/11/2008|20:30] C:\DOCUME~1\INVIT~1\APPLIC~1\twain_32
[03/11/2008|16:02] C:\DOCUME~1\INVIT~1\APPLIC~1\Yahoo!
[10/12/2006|14:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
[27/01/2008|21:42] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[16/12/2007|23:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla
[27/11/2008|19:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\twain_32
[18/09/2006|01:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[29/11/2008|18:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\twain_32
[11/11/2008|17:04] C:\DOCUME~1\YASMIN~2\APPLIC~1\Adobe
[15/11/2008|18:15] C:\DOCUME~1\YASMIN~2\APPLIC~1\Corel
[29/10/2008|17:56] C:\DOCUME~1\YASMIN~2\APPLIC~1\Google
[15/11/2008|18:59] C:\DOCUME~1\YASMIN~2\APPLIC~1\Help
[18/09/2006|01:52] C:\DOCUME~1\YASMIN~2\APPLIC~1\Identities
[27/11/2008|16:26] C:\DOCUME~1\YASMIN~2\APPLIC~1\InstallShield
[15/11/2008|18:58] C:\DOCUME~1\YASMIN~2\APPLIC~1\Jasc
[21/11/2008|19:32] C:\DOCUME~1\YASMIN~2\APPLIC~1\KC Softwares
[18/09/2006|01:52] C:\DOCUME~1\YASMIN~2\APPLIC~1\Macromedia
[01/11/2008|17:11] C:\DOCUME~1\YASMIN~2\APPLIC~1\Malwarebytes
[01/11/2008|22:22] C:\DOCUME~1\YASMIN~2\APPLIC~1\Media Player Classic
[06/11/2008|23:07] C:\DOCUME~1\YASMIN~2\APPLIC~1\Microsoft
[06/11/2008|22:48] C:\DOCUME~1\YASMIN~2\APPLIC~1\Microsoft Web Folders
[11/02/2008|13:56] C:\DOCUME~1\YASMIN~2\APPLIC~1\Mozilla
[07/11/2008|17:06] C:\DOCUME~1\YASMIN~2\APPLIC~1\NCH Swift Sound
[09/11/2008|15:31] C:\DOCUME~1\YASMIN~2\APPLIC~1\OpenOffice.org
[11/11/2008|17:35] C:\DOCUME~1\YASMIN~2\APPLIC~1\Samsung
[07/11/2008|16:48] C:\DOCUME~1\YASMIN~2\APPLIC~1\Sun
[11/02/2008|13:58] C:\DOCUME~1\YASMIN~2\APPLIC~1\Talkback
[03/11/2008|20:12] C:\DOCUME~1\YASMIN~2\APPLIC~1\Yahoo!
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[12/12/2008 18:00][--a------] C:\WINDOWS\tasks\Norton Security Scan.job
[07/11/2008 00:41][--a------] C:\WINDOWS\tasks\Scheduled scanning task.job
[17/12/2008 14:51][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[18/12/2008 13:43][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 21:00][-r-h-c---] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[29/10/2008|16:22] C:\Program Files\Acer WLAN 11g USB Dongle
[11/11/2008|18:03] C:\Program Files\Adobe
[11/11/2008|16:18] C:\Program Files\Adobe CS3
[06/11/2008|22:42] C:\Program Files\ahead
[03/11/2008|00:46] C:\Program Files\Alwil Software
[15/11/2008|18:57] C:\Program Files\animation shopJasc Software Inc
[01/11/2008|20:41] C:\Program Files\AntivirusFirewall
[29/10/2008|16:22] C:\Program Files\AskPBar
[06/11/2008|22:36] C:\Program Files\Athan
[03/11/2008|20:12] C:\Program Files\Au_Coeur
[29/10/2008|16:22] C:\Program Files\Bonjour
[07/11/2008|23:39] C:\Program Files\CCleaner
[03/11/2008|20:12] C:\Program Files\Conduit
[15/11/2008|18:42] C:\Program Files\Corel
[07/12/2008|14:35] C:\Program Files\Diskeeper Corporation
[16/12/2008|18:39] C:\Program Files\Fichiers communs
[17/11/2008|16:33] C:\Program Files\Gdot
[15/12/2008|22:27] C:\Program Files\Google
[29/10/2008|16:23] C:\Program Files\Hewlett-Packard
[09/11/2008|14:35] C:\Program Files\HP
[27/11/2008|16:26] C:\Program Files\InstallShield Installation Information
[11/12/2008|17:08] C:\Program Files\Internet Explorer
[29/10/2008|16:23] C:\Program Files\iPod
[29/10/2008|16:23] C:\Program Files\iTunes
[15/11/2008|18:58] C:\Program Files\Jasc Software Inc
[07/11/2008|16:49] C:\Program Files\Java
[07/11/2008|16:50] C:\Program Files\JRE
[29/10/2008|19:14] C:\Program Files\Lavasoft
[01/11/2008|17:11] C:\Program Files\Malwarebytes' Anti-Malware
[11/11/2008|17:31] C:\Program Files\Messenger
[30/10/2008|22:08] C:\Program Files\Messenger Plus! Live
[06/11/2008|22:48] C:\Program Files\microsoft frontpage
[08/11/2008|00:47] C:\Program Files\Microsoft SQL Server Compact Edition
[08/11/2008|00:56] C:\Program Files\Movie Maker
[18/12/2008|13:47] C:\Program Files\Mozilla Firefox 3.1 Beta 1
[03/11/2008|22:49] C:\Program Files\msn
[18/09/2006|01:53] C:\Program Files\MSN Gaming Zone
[14/11/2008|16:55] C:\Program Files\MSXML 4.0
[29/10/2008|16:23] C:\Program Files\NetMeeting
[18/09/2006|01:53] C:\Program Files\NewTech Infosystems
[07/11/2008|16:50] C:\Program Files\OpenOffice.org 2.3
[07/11/2008|16:50] C:\Program Files\OpenOffice.org 3
[29/10/2008|16:23] C:\Program Files\Orange
[29/10/2008|16:23] C:\Program Files\Outlook Express
[24/11/2008|20:49] C:\Program Files\PhotoFiltre
[21/11/2008|19:32] C:\Program Files\photoKC Softwares
[10/12/2008|21:56] C:\Program Files\PhotoScape
[10/12/2008|21:09] C:\Program Files\Picasa2
[29/10/2008|16:23] C:\Program Files\QuickTime
[27/11/2008|16:26] C:\Program Files\SAGEM
[14/11/2008|22:26] C:\Program Files\Samsung
[30/10/2008|18:20] C:\Program Files\Uninstall Information
[01/11/2008|22:13] C:\Program Files\VDOWNLOADERvideo
[08/11/2008|17:21] C:\Program Files\Windows Installer Clean Up
[08/11/2008|17:34] C:\Program Files\Windows Live
[29/10/2008|18:30] C:\Program Files\Windows Live Toolbar
[11/11/2008|15:48] C:\Program Files\Windows Media Connect 2
[11/11/2008|16:54] C:\Program Files\Windows Media Player
[29/10/2008|16:23] C:\Program Files\Windows NT
[18/09/2006|01:54] C:\Program Files\xerox
[03/11/2008|01:44] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[11/11/2008|18:04] C:\Program Files\Fichiers communs\Adobe
[12/05/2008|15:02] C:\Program Files\Fichiers communs\Apple
[17/09/2008|17:14] C:\Program Files\Fichiers communs\France Telecom
[29/10/2008|16:23] C:\Program Files\Fichiers communs\HP
[15/11/2008|18:15] C:\Program Files\Fichiers communs\InstallShield
[07/11/2008|16:48] C:\Program Files\Fichiers communs\Java
[29/10/2008|16:23] C:\Program Files\Fichiers communs\LightScribe
[10/11/2008|15:09] C:\Program Files\Fichiers communs\Macromedia
[11/11/2008|18:21] C:\Program Files\Fichiers communs\Microsoft Shared
[18/09/2006|01:53] C:\Program Files\Fichiers communs\MSSoap
[18/09/2006|01:53] C:\Program Files\Fichiers communs\SpeechEngines
[29/10/2008|16:23] C:\Program Files\Fichiers communs\System
[08/11/2008|01:13] C:\Program Files\Fichiers communs\Windows Live Installer
[08/11/2008|00:44] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[29/10/2008|19:14] C:\Program Files\Fichiers communs\Wise Installation Wizard
--------------------\\ Process
( 60 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 13:57:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
[F:584][D:82]-> C:\DOCUME~1\YASMIN~2\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\YASMIN~2\Cookies
[F:38][D:4]-> C:\DOCUME~1\YASMIN~2\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 17/12/2008|15:08 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 18/12/2008|14:00 - Option : [2]
--------------------\\ Fin du rapport a 14:00:53
[29/10/2008|16:23] C:\Program Files\Windows NT
[18/09/2006|01:54] C:\Program Files\xerox
[03/11/2008|01:44] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[11/11/2008|18:04] C:\Program Files\Fichiers communs\Adobe
[12/05/2008|15:02] C:\Program Files\Fichiers communs\Apple
[17/09/2008|17:14] C:\Program Files\Fichiers communs\France Telecom
[29/10/2008|16:23] C:\Program Files\Fichiers communs\HP
[15/11/2008|18:15] C:\Program Files\Fichiers communs\InstallShield
[07/11/2008|16:48] C:\Program Files\Fichiers communs\Java
[29/10/2008|16:23] C:\Program Files\Fichiers communs\LightScribe
[10/11/2008|15:09] C:\Program Files\Fichiers communs\Macromedia
[11/11/2008|18:21] C:\Program Files\Fichiers communs\Microsoft Shared
[18/09/2006|01:53] C:\Program Files\Fichiers communs\MSSoap
[18/09/2006|01:53] C:\Program Files\Fichiers communs\SpeechEngines
[29/10/2008|16:23] C:\Program Files\Fichiers communs\System
[08/11/2008|01:13] C:\Program Files\Fichiers communs\Windows Live Installer
[08/11/2008|00:44] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[29/10/2008|19:14] C:\Program Files\Fichiers communs\Wise Installation Wizard
--------------------\\ Process
( 60 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 13:57:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
disk error: C:\WINDOWS\System32\
please note that you need administrator rights to perform deep scan
--------------------\\ Recherche d'autres infections
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
[F:584][D:82]-> C:\DOCUME~1\YASMIN~2\LOCALS~1\Temp
[F:2][D:0]-> C:\DOCUME~1\YASMIN~2\Cookies
[F:38][D:4]-> C:\DOCUME~1\YASMIN~2\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 17/12/2008|15:08 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 18/12/2008|14:00 - Option : [2]
--------------------\\ Fin du rapport a 14:00:53
You gave me a scare for a moment, that's the report from 17/12/08 ...
We'll do it differently:
Double-click OTMoveIt3.exe to launch it.
Make sure the box next to "Unregister Dll's and Ocx's" is checked.
Copy the list shown in bold below,
and paste it into the left-hand pane of OTMoveIt: "Paste instructions for item to be moved".
:processes
explorer.exe
:Reg
:files
C:\Documents and Settings\Invité\Application Data\twext.exe
:services
:commands
[start explorer]
[reboot]
Click "MoveIt!" to start the removal.
The result will appear in the "Results" pane.
Click "Exit" to close.
Post the report located in C:\_OTMoveIt\MovedFiles under the name xxxxxx_xxxxxxxxxx.log .
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
Ah oops, sorry, I didn't pay attention :)
Uh, however, I don't know if this is normal, but that's all there is
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Invité\Application Data\twext.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== COMMANDS ==========
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12232008_230329
OK, that's better;
Now uninstall Norton with this tool: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
To remove all traces of the software used to treat the specific infections:
· Download ToolsCleaner by A.Rothstein to your Desktop.
http://pc-system.fr/
· Click Recherche and let the scan finish.
· Click Suppression to finalize.
· If you wish, you can use the Options facultatives.
· Click Quitter so that the report can be created.
· Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
===================================================
Now that your PC is no longer infected, disable your "System Restore" and then re-enable it in order to create a clean restore point.
* Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > check the box "Turn off System Restore on all drives"
> Apply, wait until it is marked "turned off", then OK.
* Enabling:
Follow the same path; uncheck the box "Turn off System Restore on all drives"
> Apply, wait until it shows "monitoring" again, then OK. Restart the computer.
===================================================
A bit of reading so that you don't end up back here
There you go!
[ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\lopR.txt: trouvé !
C:\SDFIX: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\Invité\Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Invité\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\Invité\Mes documents\LopSD.exe: trouvé !
C:\Documents and Settings\Invité\Mes documents\lopR.txt: trouvé !
C:\Documents and Settings\yasmina\Bureau\SdFix.exe: trouvé !
C:\Documents and Settings\yasmina \Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\yasmina \Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\yasmina \Bureau\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\yasmina \Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\yasmina \Bureau\SmitFraudfix: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Invité\Bureau\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\Invité\Mes documents\LopSD.exe: supprimé !
C:\Documents and Settings\yasmina \Bureau\SdFix.exe: supprimé !
C:\Documents and Settings\yasmina \Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\yasmina \Bureau\HijackThis.exe: supprimé !
C:\Documents and Settings\yasmina \Bureau\SmitFraudFix.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\lopR.txt: supprimé !
C:\Documents and Settings\Invité\Mes documents\lopR.txt: supprimé !
C:\Documents and Settings\yasmina\Bureau\OTMoveIt3.exe: supprimé !
C:\WINDOWS\msnfix.txt: supprimé !
C:\WINDOWS\NIRCMD.exe: supprimé !
C:\SDFIX: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\Invité\Bureau\SmitFraudfix: supprimé !
C:\Documents and Settings\yasmina \Bureau\SmitFraudfix: supprimé !