Aider moi svp car mon pc est infecte

Résolu
djearadjou Messages postés 44 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
depuis ce martin mon pc est affecte par un virus est je vous donne le raport de hijackthis puisque vous pouvez savoir plus de mon prob.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:04, on 15/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\windows\system32\frmwrk32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 189.26.78.248:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp\E_S420.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\DJEARADJOU\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: BTTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10131 bytes
Configuration: Windows XP
Internet Explorer 7.0

31 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
    0
  2. djearadjou Messages postés 44 Statut Membre 1
     
    j'arrive pas installer le sdfix ,il s'affiche que le exe file est corrumpu
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    désactive tes protection et refais sdfix car il est parfois considéré comme infecté mais ce n'est pas le cas

    si impossible:

    Télécharge MSNFix de Laurent
    http://sosvirus.changelog.fr/MSNFix.zip

    Décompresse-le et double clic sur le fichier MSNFix.bat.
    - Exécute l'option R.
    --Si l'infection est détectée, exécute l'option N
    - Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

    Note :
    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
    Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

    envoyer le fichier [b] C:\DOCUME~1\florian\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr pour faire evoluer msnfix
    0
    1. djearadjou Messages postés 44 Statut Membre 1
       
      bonjour
      j'ai telecharger le sdfix et voila le resultat

      [b]SDFix: Version 1.240 [/b]
      Run by DJEARADJOU on 15/12/2008 at 14:24

      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\SDFix

      [b]Checking Services [/b]:


      Restoring Default Security Values
      Restoring Default Hosts File

      Rebooting

      Service asc3550p - Deleted after Reboot

      [b]Checking Files [/b]:

      No Trojan Files Found






      Removing Temp Files

      [b]ADS Check [/b]:
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    le rapport est incomplet

    fais un rapport msnfix aussi svp
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. djearadjou Messages postés 44 Statut Membre 1
     
    j'ai le upload_me file mais jenesais pas comment vous envoyer
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu_ as le rapport sdfix complet, msnfix svp

    mets les

    puis remet un rapport hijackthis
    0
  8. djearadjou Messages postés 44 Statut Membre 1
     
    je ne trouve pas de rapport de sdfix et msnfix mais parcontre le hijackthis c'est bon
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:00:06, on 15/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\svchost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\RUNDLL32.EXE
    C:\windows\RTHDCPL.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINDOWS\ZSSnp211.exe
    C:\WINDOWS\Domino.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Contrôle parental\fssui.exe
    C:\windows\system32\frmwrk32.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DNA\btdna.exe
    C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 189.26.78.248:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
    O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp\E_S420.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\DJEARADJOU\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: BTTray.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  9. djearadjou Messages postés 44 Statut Membre 1
     
    je ne trouve pas de rapport de sdfix et msnfix mais parcontre le hijackthis c'est bon
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:00:06, on 15/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\windows\System32\nvsvc32.exe
    C:\windows\System32\svchost.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\RUNDLL32.EXE
    C:\windows\RTHDCPL.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINDOWS\ZSSnp211.exe
    C:\WINDOWS\Domino.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Contrôle parental\fssui.exe
    C:\windows\system32\frmwrk32.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DNA\btdna.exe
    C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 189.26.78.248:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
    O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp\E_S420.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\DJEARADJOU\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: BTTray.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  10. djearadjou Messages postés 44 Statut Membre 1
     
    d'aboard je vous remercie mille fois.car mbam a tout nettoyer et debarasser le virus.et voila le rapport
    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1501
    Windows 5.1.2600 Service Pack 3

    15/12/2008 19:10:59
    mbam-log-2008-12-15 (19-10-59).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 141941
    Temps écoulé: 1 hour(s), 33 minute(s), 39 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 10
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 4

    Processus mémoire infecté(s):
    C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Failed to unload process.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Delete on reboot.
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

    * Double-clique dessus pour lancer l'installation
    * Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
    * Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
    * Patiente jusqu'à la fin du scan
    * Poste le rapport généré (C:\lopR.txt)
    0
  12. djearadjou Messages postés 44 Statut Membre 1
     
    voici le resultat
    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
    BIOS : BIOS Date: 07/06/06 10:49:41 Ver: 08.00.10
    USER : DJEARADJOU ( Administrator )
    BOOT : Normal boot
    Antivirus : McAfee VirusScan Enterprise 8.5.0.781 (Activated)
    C:\ (Local Disk) - NTFS - Total:149 Go (Free:74 Go)
    D:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [1] ( 15/12/2008|20:30 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [11/11/2008|16:35] C:\DOCUME~1\admin\APPLIC~1\Adobe
    [11/11/2008|00:28] C:\DOCUME~1\admin\APPLIC~1\Identities
    [11/11/2008|12:13] C:\DOCUME~1\admin\APPLIC~1\Macromedia
    [17/11/2008|20:43] C:\DOCUME~1\admin\APPLIC~1\Media Player Classic
    [17/11/2008|21:10] C:\DOCUME~1\admin\APPLIC~1\Microsoft

    [28/11/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [19/11/2008|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [18/11/2008|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [28/11/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [23/11/2008|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
    [11/12/2008|17:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESTsoft
    [09/12/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    [15/12/2008|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [11/11/2008|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [17/11/2008|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [25/11/2008|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [09/12/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [13/12/2008|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [21/11/2008|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simple Star Shared
    [15/12/2008|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [20/11/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [22/11/2008|23:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [11/11/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [09/12/2008|17:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [20/11/2008|11:32] C:\DOCUME~1\DAMIEN\APPLIC~1\Adobe
    [20/11/2008|11:41] C:\DOCUME~1\DAMIEN\APPLIC~1\Apple Computer
    [17/11/2008|20:46] C:\DOCUME~1\DAMIEN\APPLIC~1\Identities
    [02/12/2008|12:15] C:\DOCUME~1\DAMIEN\APPLIC~1\Macromedia
    [20/11/2008|14:36] C:\DOCUME~1\DAMIEN\APPLIC~1\Microsoft
    [24/11/2008|12:07] C:\DOCUME~1\DAMIEN\APPLIC~1\Mozilla
    [24/11/2008|12:04] C:\DOCUME~1\DAMIEN\APPLIC~1\Nero
    [13/12/2008|06:02] C:\DOCUME~1\DAMIEN\APPLIC~1\PC Suite

    [10/11/2008|23:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [10/09/2008|17:12] C:\DOCUME~1\DJEARA~1\APPLIC~1\Adobe
    [20/11/2008|15:38] C:\DOCUME~1\DJEARA~1\APPLIC~1\Ahead
    [28/11/2008|17:54] C:\DOCUME~1\DJEARA~1\APPLIC~1\Apple Computer
    [15/12/2008|01:34] C:\DOCUME~1\DJEARA~1\APPLIC~1\BitTorrent
    [21/11/2008|15:11] C:\DOCUME~1\DJEARA~1\APPLIC~1\DivX
    [15/12/2008|20:26] C:\DOCUME~1\DJEARA~1\APPLIC~1\DNA
    [30/11/2008|18:35] C:\DOCUME~1\DJEARA~1\APPLIC~1\dvdcss
    [22/11/2008|22:26] C:\DOCUME~1\DJEARA~1\APPLIC~1\EPSON
    [11/12/2008|17:22] C:\DOCUME~1\DJEARA~1\APPLIC~1\ESTsoft
    [10/09/2008|09:16] C:\DOCUME~1\DJEARA~1\APPLIC~1\GibbHill Properties Ltd
    [19/06/2008|11:14] C:\DOCUME~1\DJEARA~1\APPLIC~1\Google
    [17/11/2008|20:56] C:\DOCUME~1\DJEARA~1\APPLIC~1\Identities
    [18/11/2008|10:07] C:\DOCUME~1\DJEARA~1\APPLIC~1\InstallShield
    [30/08/2008|10:09] C:\DOCUME~1\DJEARA~1\APPLIC~1\Macromedia
    [15/12/2008|17:20] C:\DOCUME~1\DJEARA~1\APPLIC~1\Malwarebytes
    [15/12/2008|00:00] C:\DOCUME~1\DJEARA~1\APPLIC~1\Microsoft
    [05/09/2008|17:51] C:\DOCUME~1\DJEARA~1\APPLIC~1\Mozilla
    [14/12/2008|11:37] C:\DOCUME~1\DJEARA~1\APPLIC~1\Nero
    [09/12/2008|18:54] C:\DOCUME~1\DJEARA~1\APPLIC~1\Nokia
    [13/12/2008|19:39] C:\DOCUME~1\DJEARA~1\APPLIC~1\PC Suite
    [21/11/2008|09:48] C:\DOCUME~1\DJEARA~1\APPLIC~1\Simple Star
    [21/11/2008|10:56] C:\DOCUME~1\DJEARA~1\APPLIC~1\vlc
    [15/12/2008|14:53] C:\DOCUME~1\DJEARA~1\APPLIC~1\WinRAR

    [18/11/2008|18:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [09/12/2008|17:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\windows\tasks

    [12/12/2008 17:40][--a------] C:\windows\tasks\AppleSoftwareUpdate.job
    [15/12/2008 20:25][--ah-----] C:\windows\tasks\SA.DAT
    [07/10/2003 01:00][-r-h-----] C:\windows\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [14/12/2008|22:41] C:\Program Files\Alice
    [15/12/2008|09:57] C:\Program Files\Alwil Software
    [18/11/2008|17:21] C:\Program Files\Apple Software Update
    [14/12/2008|21:54] C:\Program Files\ArtMoney
    [16/11/2008|20:54] C:\Program Files\Belkin
    [18/11/2008|17:48] C:\Program Files\BitTorrent
    [25/11/2008|10:28] C:\Program Files\Bonjour
    [15/12/2008|09:36] C:\Program Files\CCleaner
    [17/11/2008|20:43] C:\Program Files\Combined Community Codec Pack
    [10/11/2008|23:25] C:\Program Files\ComPlus Applications
    [10/12/2008|12:47] C:\Program Files\Conduit
    [09/12/2008|18:43] C:\Program Files\DIFX
    [21/11/2008|15:10] C:\Program Files\DivX
    [15/12/2008|20:26] C:\Program Files\DNA
    [15/12/2008|07:25] C:\Program Files\eMule
    [22/11/2008|23:30] C:\Program Files\epson
    [10/12/2008|10:59] C:\Program Files\ESTsoft
    [09/12/2008|18:44] C:\Program Files\Fichiers communs
    [14/12/2008|11:14] C:\Program Files\Google
    [13/12/2008|13:10] C:\Program Files\Hybrid Client
    [14/12/2008|21:55] C:\Program Files\iHabbix Ltd
    [15/12/2008|07:38] C:\Program Files\iHabbix V3
    [14/12/2008|23:14] C:\Program Files\InstallShield Installation Information
    [11/11/2008|10:49] C:\Program Files\Intel
    [14/12/2008|22:58] C:\Program Files\Internet Explorer
    [28/11/2008|17:53] C:\Program Files\iPod
    [28/11/2008|17:54] C:\Program Files\iTunes
    [15/12/2008|17:20] C:\Program Files\Malwarebytes' Anti-Malware
    [11/11/2008|15:17] C:\Program Files\McAfee
    [25/11/2008|18:18] C:\Program Files\McDonaldsFairies
    [11/11/2008|21:32] C:\Program Files\Messenger
    [10/11/2008|23:27] C:\Program Files\microsoft frontpage
    [13/11/2008|19:47] C:\Program Files\Microsoft Office
    [13/11/2008|19:46] C:\Program Files\Microsoft.NET
    [14/12/2008|17:12] C:\Program Files\Mindscape
    [11/11/2008|20:59] C:\Program Files\Movie Maker
    [15/12/2008|19:42] C:\Program Files\Mozilla Firefox
    [11/11/2008|16:02] C:\Program Files\MSBuild
    [10/11/2008|23:25] C:\Program Files\MSN
    [10/11/2008|23:25] C:\Program Files\MSN Gaming Zone
    [20/11/2008|17:50] C:\Program Files\MSXML 4.0
    [09/12/2008|19:15] C:\Program Files\MSXML 6.0
    [21/11/2008|09:49] C:\Program Files\Nero
    [11/11/2008|20:56] C:\Program Files\NetMeeting
    [09/12/2008|19:16] C:\Program Files\Nokia
    [29/11/2008|12:55] C:\Program Files\NRJ
    [28/11/2008|18:24] C:\Program Files\Ontrack
    [11/11/2008|20:56] C:\Program Files\Outlook Express
    [15/12/2008|09:15] C:\Program Files\Panda Security
    [09/12/2008|18:43] C:\Program Files\PC Connectivity Solution
    [14/12/2008|23:14] C:\Program Files\PC Inspector File Recovery
    [14/12/2008|11:14] C:\Program Files\Picasa2
    [28/11/2008|17:53] C:\Program Files\QuickTime
    [11/11/2008|12:27] C:\Program Files\Realtek
    [11/11/2008|15:58] C:\Program Files\Reference Assemblies
    [28/11/2008|17:44] C:\Program Files\Safari
    [10/11/2008|23:25] C:\Program Files\Services en ligne
    [15/12/2008|00:29] C:\Program Files\SoftLogica
    [15/12/2008|17:57] C:\Program Files\Spybot - Search & Destroy
    [15/12/2008|09:07] C:\Program Files\Trend Micro
    [11/11/2008|00:28] C:\Program Files\Uninstall Information
    [19/11/2008|15:49] C:\Program Files\USB Drive Data Recovery (Demo)
    [21/11/2008|10:55] C:\Program Files\VideoLAN
    [18/11/2008|09:57] C:\Program Files\Vimicro
    [11/11/2008|16:37] C:\Program Files\Western Digital
    [09/12/2008|17:08] C:\Program Files\Windows Live
    [29/11/2008|12:58] C:\Program Files\Windows Media Components
    [13/12/2008|14:55] C:\Program Files\Windows Media Connect 2
    [13/12/2008|14:55] C:\Program Files\Windows Media Player
    [11/11/2008|20:56] C:\Program Files\Windows NT
    [11/11/2008|10:36] C:\Program Files\WindowsUpdate
    [11/11/2008|10:36] C:\Program Files\WinRAR
    [14/12/2008|15:10] C:\Program Files\WS Script Black
    [10/11/2008|23:27] C:\Program Files\xerox
    [15/12/2008|09:48] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [28/11/2008|17:51] C:\Program Files\Fichiers communs\Apple
    [11/11/2008|15:17] C:\Program Files\Fichiers communs\Cisco Systems
    [13/11/2008|19:47] C:\Program Files\Fichiers communs\DESIGNER
    [18/11/2008|10:11] C:\Program Files\Fichiers communs\InstallShield
    [11/11/2008|15:17] C:\Program Files\Fichiers communs\McAfee
    [21/11/2008|21:53] C:\Program Files\Fichiers communs\Microsoft Shared
    [10/11/2008|23:25] C:\Program Files\Fichiers communs\MSSoap
    [21/11/2008|12:36] C:\Program Files\Fichiers communs\Nero
    [09/12/2008|18:44] C:\Program Files\Fichiers communs\Nokia
    [31/12/2001|23:26] C:\Program Files\Fichiers communs\ODBC
    [09/12/2008|18:44] C:\Program Files\Fichiers communs\PCSuite
    [10/11/2008|23:26] C:\Program Files\Fichiers communs\Services
    [21/11/2008|09:52] C:\Program Files\Fichiers communs\Simple Star Shared
    [31/12/2001|23:26] C:\Program Files\Fichiers communs\SpeechEngines
    [29/11/2008|12:52] C:\Program Files\Fichiers communs\Symantec Shared
    [13/11/2008|19:46] C:\Program Files\Fichiers communs\System
    [17/11/2008|21:09] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 61 Processes )

    iexplore.exe ~ [PID:3076]

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp\nsx4E.tmp
    C:\DOCUME~1\DJEARA~1\MENUDM~1\PROGRA~1\BitDownload
    C:\DOCUME~1\DJEARA~1\MENUDM~1\PROGRA~1\BitDownload\BitDownload Downloads.lnk

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 20:31:43
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 19

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:36][D:67]-> C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp
    [F:54][D:0]-> C:\DOCUME~1\DJEARA~1\Cookies
    [F:2111][D:4]-> C:\DOCUME~1\DJEARA~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 15/12/2008|20:33 - Option : [1]

    --------------------\\ Fin du rapport a 20:33:40
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    lop sd

    * Choisis cette fois ci l'Option 2 (Suppression)
    * Ne ferme pas la fenêtre lors de la suppression !
    * Poste le rapport généré (C:\lopR.txt)

    __________________

    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    Kaspersky en ligne
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    0
  14. djearadjou Messages postés 44 Statut Membre 1
     
    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
    BIOS : BIOS Date: 07/06/06 10:49:41 Ver: 08.00.10
    USER : DJEARADJOU ( Administrator )
    BOOT : Normal boot
    Antivirus : McAfee VirusScan Enterprise 8.5.0.781 (Activated)
    C:\ (Local Disk) - NTFS - Total:149 Go (Free:74 Go)
    D:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [2] ( 15/12/2008|20:51 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp\nsx4E.tmp
    Supprime! - C:\DOCUME~1\DJEARA~1\MENUDM~1\PROGRA~1\BitDownload\BitDownload Downloads.lnk
    Supprime! - C:\DOCUME~1\DJEARA~1\MENUDM~1\PROGRA~1\BitDownload
    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans APPLIC~1

    [11/11/2008|16:35] C:\DOCUME~1\admin\APPLIC~1\Adobe
    [11/11/2008|00:28] C:\DOCUME~1\admin\APPLIC~1\Identities
    [11/11/2008|12:13] C:\DOCUME~1\admin\APPLIC~1\Macromedia
    [17/11/2008|20:43] C:\DOCUME~1\admin\APPLIC~1\Media Player Classic
    [17/11/2008|21:10] C:\DOCUME~1\admin\APPLIC~1\Microsoft

    [28/11/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [19/11/2008|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
    [18/11/2008|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
    [28/11/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    [23/11/2008|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
    [11/12/2008|17:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESTsoft
    [09/12/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
    [15/12/2008|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [11/11/2008|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    [17/11/2008|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [25/11/2008|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [09/12/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
    [13/12/2008|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [21/11/2008|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simple Star Shared
    [15/12/2008|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [20/11/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    [22/11/2008|23:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
    [11/11/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [09/12/2008|17:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [20/11/2008|11:32] C:\DOCUME~1\DAMIEN\APPLIC~1\Adobe
    [20/11/2008|11:41] C:\DOCUME~1\DAMIEN\APPLIC~1\Apple Computer
    [17/11/2008|20:46] C:\DOCUME~1\DAMIEN\APPLIC~1\Identities
    [02/12/2008|12:15] C:\DOCUME~1\DAMIEN\APPLIC~1\Macromedia
    [20/11/2008|14:36] C:\DOCUME~1\DAMIEN\APPLIC~1\Microsoft
    [24/11/2008|12:07] C:\DOCUME~1\DAMIEN\APPLIC~1\Mozilla
    [24/11/2008|12:04] C:\DOCUME~1\DAMIEN\APPLIC~1\Nero
    [13/12/2008|06:02] C:\DOCUME~1\DAMIEN\APPLIC~1\PC Suite

    [10/11/2008|23:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [10/09/2008|17:12] C:\DOCUME~1\DJEARA~1\APPLIC~1\Adobe
    [20/11/2008|15:38] C:\DOCUME~1\DJEARA~1\APPLIC~1\Ahead
    [28/11/2008|17:54] C:\DOCUME~1\DJEARA~1\APPLIC~1\Apple Computer
    [15/12/2008|01:34] C:\DOCUME~1\DJEARA~1\APPLIC~1\BitTorrent
    [21/11/2008|15:11] C:\DOCUME~1\DJEARA~1\APPLIC~1\DivX
    [15/12/2008|20:46] C:\DOCUME~1\DJEARA~1\APPLIC~1\DNA
    [30/11/2008|18:35] C:\DOCUME~1\DJEARA~1\APPLIC~1\dvdcss
    [22/11/2008|22:26] C:\DOCUME~1\DJEARA~1\APPLIC~1\EPSON
    [11/12/2008|17:22] C:\DOCUME~1\DJEARA~1\APPLIC~1\ESTsoft
    [10/09/2008|09:16] C:\DOCUME~1\DJEARA~1\APPLIC~1\GibbHill Properties Ltd
    [19/06/2008|11:14] C:\DOCUME~1\DJEARA~1\APPLIC~1\Google
    [17/11/2008|20:56] C:\DOCUME~1\DJEARA~1\APPLIC~1\Identities
    [18/11/2008|10:07] C:\DOCUME~1\DJEARA~1\APPLIC~1\InstallShield
    [30/08/2008|10:09] C:\DOCUME~1\DJEARA~1\APPLIC~1\Macromedia
    [15/12/2008|17:20] C:\DOCUME~1\DJEARA~1\APPLIC~1\Malwarebytes
    [15/12/2008|00:00] C:\DOCUME~1\DJEARA~1\APPLIC~1\Microsoft
    [05/09/2008|17:51] C:\DOCUME~1\DJEARA~1\APPLIC~1\Mozilla
    [14/12/2008|11:37] C:\DOCUME~1\DJEARA~1\APPLIC~1\Nero
    [09/12/2008|18:54] C:\DOCUME~1\DJEARA~1\APPLIC~1\Nokia
    [13/12/2008|19:39] C:\DOCUME~1\DJEARA~1\APPLIC~1\PC Suite
    [21/11/2008|09:48] C:\DOCUME~1\DJEARA~1\APPLIC~1\Simple Star
    [21/11/2008|10:56] C:\DOCUME~1\DJEARA~1\APPLIC~1\vlc
    [15/12/2008|14:53] C:\DOCUME~1\DJEARA~1\APPLIC~1\WinRAR

    [18/11/2008|18:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [09/12/2008|17:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\windows\tasks

    [12/12/2008 17:40][--a------] C:\windows\tasks\AppleSoftwareUpdate.job
    [15/12/2008 20:25][--ah-----] C:\windows\tasks\SA.DAT
    [07/10/2003 01:00][-r-h-----] C:\windows\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [14/12/2008|22:41] C:\Program Files\Alice
    [15/12/2008|09:57] C:\Program Files\Alwil Software
    [18/11/2008|17:21] C:\Program Files\Apple Software Update
    [14/12/2008|21:54] C:\Program Files\ArtMoney
    [16/11/2008|20:54] C:\Program Files\Belkin
    [18/11/2008|17:48] C:\Program Files\BitTorrent
    [25/11/2008|10:28] C:\Program Files\Bonjour
    [15/12/2008|09:36] C:\Program Files\CCleaner
    [17/11/2008|20:43] C:\Program Files\Combined Community Codec Pack
    [10/11/2008|23:25] C:\Program Files\ComPlus Applications
    [10/12/2008|12:47] C:\Program Files\Conduit
    [09/12/2008|18:43] C:\Program Files\DIFX
    [21/11/2008|15:10] C:\Program Files\DivX
    [15/12/2008|20:26] C:\Program Files\DNA
    [15/12/2008|07:25] C:\Program Files\eMule
    [22/11/2008|23:30] C:\Program Files\epson
    [10/12/2008|10:59] C:\Program Files\ESTsoft
    [09/12/2008|18:44] C:\Program Files\Fichiers communs
    [14/12/2008|11:14] C:\Program Files\Google
    [13/12/2008|13:10] C:\Program Files\Hybrid Client
    [14/12/2008|21:55] C:\Program Files\iHabbix Ltd
    [15/12/2008|07:38] C:\Program Files\iHabbix V3
    [14/12/2008|23:14] C:\Program Files\InstallShield Installation Information
    [11/11/2008|10:49] C:\Program Files\Intel
    [14/12/2008|22:58] C:\Program Files\Internet Explorer
    [28/11/2008|17:53] C:\Program Files\iPod
    [28/11/2008|17:54] C:\Program Files\iTunes
    [15/12/2008|17:20] C:\Program Files\Malwarebytes' Anti-Malware
    [11/11/2008|15:17] C:\Program Files\McAfee
    [25/11/2008|18:18] C:\Program Files\McDonaldsFairies
    [11/11/2008|21:32] C:\Program Files\Messenger
    [10/11/2008|23:27] C:\Program Files\microsoft frontpage
    [13/11/2008|19:47] C:\Program Files\Microsoft Office
    [13/11/2008|19:46] C:\Program Files\Microsoft.NET
    [14/12/2008|17:12] C:\Program Files\Mindscape
    [11/11/2008|20:59] C:\Program Files\Movie Maker
    [15/12/2008|19:42] C:\Program Files\Mozilla Firefox
    [11/11/2008|16:02] C:\Program Files\MSBuild
    [10/11/2008|23:25] C:\Program Files\MSN
    [10/11/2008|23:25] C:\Program Files\MSN Gaming Zone
    [20/11/2008|17:50] C:\Program Files\MSXML 4.0
    [09/12/2008|19:15] C:\Program Files\MSXML 6.0
    [21/11/2008|09:49] C:\Program Files\Nero
    [11/11/2008|20:56] C:\Program Files\NetMeeting
    [09/12/2008|19:16] C:\Program Files\Nokia
    [29/11/2008|12:55] C:\Program Files\NRJ
    [28/11/2008|18:24] C:\Program Files\Ontrack
    [11/11/2008|20:56] C:\Program Files\Outlook Express
    [15/12/2008|09:15] C:\Program Files\Panda Security
    [09/12/2008|18:43] C:\Program Files\PC Connectivity Solution
    [14/12/2008|23:14] C:\Program Files\PC Inspector File Recovery
    [14/12/2008|11:14] C:\Program Files\Picasa2
    [28/11/2008|17:53] C:\Program Files\QuickTime
    [11/11/2008|12:27] C:\Program Files\Realtek
    [11/11/2008|15:58] C:\Program Files\Reference Assemblies
    [28/11/2008|17:44] C:\Program Files\Safari
    [10/11/2008|23:25] C:\Program Files\Services en ligne
    [15/12/2008|00:29] C:\Program Files\SoftLogica
    [15/12/2008|17:57] C:\Program Files\Spybot - Search & Destroy
    [15/12/2008|09:07] C:\Program Files\Trend Micro
    [11/11/2008|00:28] C:\Program Files\Uninstall Information
    [19/11/2008|15:49] C:\Program Files\USB Drive Data Recovery (Demo)
    [21/11/2008|10:55] C:\Program Files\VideoLAN
    [18/11/2008|09:57] C:\Program Files\Vimicro
    [11/11/2008|16:37] C:\Program Files\Western Digital
    [09/12/2008|17:08] C:\Program Files\Windows Live
    [29/11/2008|12:58] C:\Program Files\Windows Media Components
    [13/12/2008|14:55] C:\Program Files\Windows Media Connect 2
    [13/12/2008|14:55] C:\Program Files\Windows Media Player
    [11/11/2008|20:56] C:\Program Files\Windows NT
    [11/11/2008|10:36] C:\Program Files\WindowsUpdate
    [11/11/2008|10:36] C:\Program Files\WinRAR
    [14/12/2008|15:10] C:\Program Files\WS Script Black
    [10/11/2008|23:27] C:\Program Files\xerox
    [15/12/2008|09:48] C:\Program Files\Yahoo!

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [28/11/2008|17:51] C:\Program Files\Fichiers communs\Apple
    [11/11/2008|15:17] C:\Program Files\Fichiers communs\Cisco Systems
    [13/11/2008|19:47] C:\Program Files\Fichiers communs\DESIGNER
    [18/11/2008|10:11] C:\Program Files\Fichiers communs\InstallShield
    [11/11/2008|15:17] C:\Program Files\Fichiers communs\McAfee
    [21/11/2008|21:53] C:\Program Files\Fichiers communs\Microsoft Shared
    [10/11/2008|23:25] C:\Program Files\Fichiers communs\MSSoap
    [21/11/2008|12:36] C:\Program Files\Fichiers communs\Nero
    [09/12/2008|18:44] C:\Program Files\Fichiers communs\Nokia
    [31/12/2001|23:26] C:\Program Files\Fichiers communs\ODBC
    [09/12/2008|18:44] C:\Program Files\Fichiers communs\PCSuite
    [10/11/2008|23:26] C:\Program Files\Fichiers communs\Services
    [21/11/2008|09:52] C:\Program Files\Fichiers communs\Simple Star Shared
    [31/12/2001|23:26] C:\Program Files\Fichiers communs\SpeechEngines
    [29/11/2008|12:52] C:\Program Files\Fichiers communs\Symantec Shared
    [13/11/2008|19:46] C:\Program Files\Fichiers communs\System
    [17/11/2008|21:09] C:\Program Files\Fichiers communs\WindowsLiveInstaller

    --------------------\\ Process

    ( 59 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-15 20:53:08
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 19

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    [F:36][D:66]-> C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp
    [F:57][D:0]-> C:\DOCUME~1\DJEARA~1\Cookies
    [F:2260][D:4]-> C:\DOCUME~1\DJEARA~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 15/12/2008|20:33 - Option : [1]
    2 - "C:\Lop SD\LopR_2.txt" - 15/12/2008|20:54 - Option : [2]

    --------------------\\ Fin du rapport a 20:54:34
    0
  15. djearadjou Messages postés 44 Statut Membre 1
     
    le resultat de activescan ;

    ***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-12-15 22:09:15
    PROTECTIONS: 1
    MALWARE: 46
    SUSPECTS: 5
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee VirusScan Enterprise 8.5.0.781 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00020386 Application/MotherboardMonitor.A HackTools No 0 Yes No C:\Program Files\WS Script Black\usr\bin\dll\moo.dll
    00020386 Application/MotherboardMonitor.A HackTools No 0 Yes No C:\Program Files\WS Script Black\dll\moo.dll
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\SV\1\Cookies\damien@casalemedia[2].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@casalemedia[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\DAMIEN\Cookies\damien@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@doubleclick[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\DAMIEN\Cookies\damien@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@atdmt[2].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Local Settings\Temporary Internet Files\Content.IE5\EVZ2AH58\231D5815E49B1F55EFE137816A50[1].jpg
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@tradedoubler[2].txt
    00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@tradedoubler[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\DAMIEN\Cookies\damien@247realmedia[1].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@247realmedia[2].txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@247realmedia[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@fastclick[2].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@fastclick[2].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@fastclick[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@mediaplex[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@mediaplex[1].txt
    00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@revenue[2].txt
    00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\SV\1\Cookies\damien@revenue[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@com[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\DAMIEN\Cookies\damien@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@xiti[1].txt
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@xiti[1].txt
    00167709 Cookie/fe.lea.lycos TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@fe.lea.lycos[2].txt
    00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@toplist[2].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@statcounter[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@statcounter[2].txt
    00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@counter.hitslink[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@ad.yieldmanager[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@ad.yieldmanager[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@apmebf[2].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@burstnet[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\DAMIEN\Cookies\damien@serving-sys[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@serving-sys[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@bs.serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\DAMIEN\Cookies\damien@bs.serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@bs.serving-sys[1].txt
    00168095 Cookie/888 TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@888[2].txt
    00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@www.burstbeacon[1].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\DAMIEN\Cookies\damien@weborama[2].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@weborama[1].txt
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@weborama[1].txt
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@adtech[1].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@server.iad.liveperson[2].txt
    00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\DAMIEN\Cookies\damien@fl01.ct2.comclick[1].txt
    00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@fl01.ct2.comclick[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@advertising[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@advertising[2].txt
    00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@media.adrevolver[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@statse.webtrendslive[2].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@ads.pointroll[2].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@overture[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@realmedia[1].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@questionmarket[2].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@zedo[2].txt
    00172483 Cookie/888 TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@int.sitestat[1].txt
    00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@int.sitestat[2].txt
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@bluestreak[1].txt
    00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@adrevolver[2].txt
    00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\DAMIEN\Cookies\damien@searchportal.information[1].txt
    00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@searchportal.information[1].txt
    00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@adviva[1].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@smartadserver[2].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@smartadserver[1].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\DAMIEN\Cookies\damien@smartadserver[2].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\admin\Cookies\admin@smartadserver[2].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\DJEARADJOU\Cookies\djearadjou@smartadserver[1].txt
    00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@www3.addfreestats[1].txt
    00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@ehg-dig.hitbox[2].txt
    01648935 Application/Pskill.V HackTools No 0 Yes No C:\Program Files\WS Script Black\usr\bin\dll\Procs.dll
    03738686 Generic Malware Virus/Trojan No 0 No No C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc9.exe[C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc9.exe][SDFix\apps\Cghtme.exe]
    03738686 Generic Malware Virus/Trojan No 0 No No C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc9.exe[C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc9.exe][SDFix\catchme.exe]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No C:\Program Files\WS Script Black\mirc.exe
    No C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc5.zip[MSNFix/incl/catchme.exe]
    No C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc6\MSNFix\incl\catchme.exe
    No C:\SV\D\INCOMINGS\Nero 8 Serial Crack.zip[nero8x.exe]
    No C:\SV\D\TORRENTS DOWNLOADS\MSN Messenger Live + Plus + Plugins + Emoticons + Patches (AIO)\MAiO.exe[AutoPlay/Docs/MDL_1.1.0155.exe]
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vide ta corbeille

    puis

    télécharge OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
    (attention bien mettre :files)

    :files
    C:\Program Files\WS Script Black\usr\bin\dll\moo.dll
    C:\Program Files\WS Script Black\dll\moo.dll
    C:\Program Files\WS Script Black\usr\bin\dll\Procs.dll
    C:\Program Files\WS Script Black\mirc.exe
    C:\SV\D\INCOMINGS\Nero 8 Serial Crack.zip
    C:\SV\D\TORRENTS DOWNLOADS\MSN Messenger Live + Plus + Plugins + Emoticons + Patches (AIO)\MAiO.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ______________________

    dis moi ensuite comment se comporte ton pc
    0
  17. djearadjou Messages postés 44 Statut Membre 1
     
    voila le resultat:
    et mon pc est tres stable et affichage sur le bureau (your system infected) est disparu
    ========== FILES ==========
    File/Folder C:\Program Files\WS Script Black\usr\bin\dll\moo.dll not found.
    File/Folder C:\Program Files\WS Script Black\dll\moo.dll not found.
    File/Folder C:\Program Files\WS Script Black\usr\bin\dll\Procs.dll not found.
    C:\Program Files\WS Script Black\mirc.exe moved successfully.
    C:\SV\D\INCOMINGS\Nero 8 Serial Crack.zip moved successfully.
    C:\SV\D\TORRENTS DOWNLOADS\MSN Messenger Live + Plus + Plugins + Emoticons + Patches (AIO)\MAiO.exe moved successfully.

    OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12152008_235650
    un grand merci a vs pour votre precious assistance et le temps vs avez concacrer pour moi
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    dis moi ensuite comment se comporte ton pc

    et remets un scan hijakchits
    0
  19. djearadjou Messages postés 44 Statut Membre 1
     
    Bonjour
    mon pc marchr bien et sans souci garce a votre intervention et voila le resultat de hijackthis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:43:38, on 16/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\spoolsv.exe
    C:\windows\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    C:\windows\RTHDCPL.EXE
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINDOWS\ZSSnp211.exe
    C:\WINDOWS\Domino.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Contrôle parental\fssui.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\windows\System32\nvsvc32.exe
    C:\Program Files\DNA\btdna.exe
    C:\windows\System32\svchost.exe
    C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 189.26.78.248:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [Register urlmon.dll] C:\windows\system32\regsvr32.exe /s C:\windows\system32\urlmon.dll
    O4 - HKLM\..\RunOnce: [Register hlink.dll] C:\windows\system32\regsvr32.exe /s C:\windows\system32\hlink.dll
    O4 - HKLM\..\RunOnce: [Register oleaut32.dll] C:\windows\system32\regsvr32.exe /s C:\windows\system32\oleaut32.dll
    O4 - HKLM\..\RunOnce: [IE 3.0 RegSvr schannel.dll] C:\windows\system32\regsvr32.exe /s C:\windows\system32\schannel.dll
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp\E_S420.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\DJEARADJOU\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: BTTray.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    --> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :
    http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

    --> Lance l'installation avec les paramètres par défaut.

    --> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

    --> Double-clique sur le raccourci UsbFix sur ton Bureau.

    --> Choisis l'option 1 (Nettoyage).

    --> Le PC va redémarrer.

    --> Après redémarrage, poste le rapport UsbFix.txt

    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

    (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)
    0
  • 1
  • 2