Please help me, my PC is infected

Solved
djearadjou Posts: 44 Status: Member -
jlpjlp Posts: 52399 Status: Security contributor -
Hello,
since this morning my PC has been affected by a virus, and I am giving you the HijackThis report so that you can find out more about my problem.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:04, on 15/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\windows\system32\frmwrk32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 189.26.78.248:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp\E_S420.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\DJEARADJOU\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: BTTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
31 replies

jlpjlp Posts: 52399 Status: Security contributor 5 040

hi,

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows startup, a menu with various options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum
0
djearadjou Posts: 44 Status: Member 1

I can't install SDFix; it says that the exe file is corrupted
0
jlpjlp Posts: 52399 Status: Security contributor 5 040

disable your protections and run SDFix again, because it is sometimes flagged as infected but that is not the case

if that is impossible:

Download MSNFix by Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it and double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, run option N
- Save this report, then copy/paste it on the forum.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows can finish starting normally.

send the file C:\DOCUME~1\florian\Bureau\Upload_Me.zip to http://upload.changelog.fr to help improve MSNFix
0
djearadjou Posts: 44 Status: Member 1

hello
I downloaded SDFix and here is the result

SDFix: Version 1.240
Run by DJEARADJOU on 15/12/2008 at 14:24

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Service asc3550p - Deleted after Reboot

Checking Files:

No Trojan Files Found

Removing Temp Files

ADS Check:
0
jlpjlp Posts: 52399 Status: Security contributor 5 040

the report is incomplete

please do an MSNFix report too
0

djearadjou Posts: 44 Status: Member 1

I have the upload_me file but I don't know how to send it to you
0
jlpjlp Posts: 52399 Status: Security contributor 5 040

you have the complete SDFix report, MSNFix please

post them

then post a new HijackThis report
0
djearadjou Posts: 44 Status: Member 1

I can't find any SDFix or MSNFix report, but on the other hand the HijackThis one is fine
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:06, on 15/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\System32\nvsvc32.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\windows\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\windows\system32\frmwrk32.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 189.26.78.248:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp\E_S420.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\DJEARADJOU\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: BTTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
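An added example, not part of the thread and not the helper's own method: one way to compare the two HijackThis logs posted above and list what changed between the scans, along with the entries HijackThis itself annotates with `(no file)` or `(file missing)`. The sample logs are abridged from the two logs in this thread; the function names are hypothetical.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [Name] path".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Annotations HijackThis adds when an entry's target is not on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")

# Abridged from the 13:09:04 log in this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:04, on 15/12/2008

Running processes:
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
"""

# Abridged from the 17:00:06 log in this thread.
AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:06, on 15/12/2008

Running processes:
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
"""


def parse_hijackthis(text):
    """Split a log into its process list and its (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group("code"), match.group("body")))
        elif in_processes:
            processes.append(line)
        # Header lines (version, scan time, platform) are ignored.
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Report what disappeared and what appeared between two scans."""
    b, a = parse_hijackthis(before), parse_hijackthis(after)
    # Windows paths are case-insensitive, and the logs mix
    # C:\windows and C:\WINDOWS, so compare processes lowercased.
    b_proc = {p.lower() for p in b["processes"]}
    a_proc = {p.lower() for p in a["processes"]}
    return {
        "processes_gone": sorted(b_proc - a_proc),
        "processes_new": sorted(a_proc - b_proc),
        "entries_gone": [e for e in b["entries"] if e not in a["entries"]],
        "entries_new": [e for e in a["entries"] if e not in b["entries"]],
    }


def missing_targets(text):
    """Entries whose target file HijackThis could not find on disk."""
    return [
        (code, body)
        for code, body in parse_hijackthis(text)["entries"]
        if any(marker in body for marker in MISSING_MARKERS)
    ]


if __name__ == "__main__":
    for section, items in diff_logs(BEFORE, AFTER).items():
        print(section)
        for item in items:
            print("   ", item)
    print("missing targets after cleanup:")
    for code, body in missing_targets(AFTER):
        print("   ", code, "-", body)
```

A changed entry shows up once under `entries_gone` and once under `entries_new`, as the PLFlash service line does here.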
jlpjlp Posts 52399 Status Security contributor 5 040
 
Scan with
Malwarebytes' Anti-Malware after updating it, in normal mode, remove what it finds, and paste the report.

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
djearadjou Posts 44 Status Member 1
 
First of all, thank you a thousand times, because MBAM cleaned everything and got rid of the virus. And here is the report:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1501
Windows 5.1.2600 Service Pack 3

15/12/2008 19:10:59
mbam-log-2008-12-15 (19-10-59).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 141941
Temps écoulé: 1 hour(s), 33 minute(s), 39 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 10
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Failed to unload process.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Delete on reboot.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Download Lop S&D.exe to your Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on your Desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report (C:\lopR.txt)
0
djearadjou Posts 44 Status Member 1
 
Here is the result:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
BIOS : BIOS Date: 07/06/06 10:49:41 Ver: 08.00.10
USER : DJEARADJOU ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan Enterprise 8.5.0.781 (Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:74 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 15/12/2008|20:30 )

--------------------\\ Listing des dossiers dans APPLIC~1

[11/11/2008|16:35] C:\DOCUME~1\admin\APPLIC~1\Adobe
[11/11/2008|00:28] C:\DOCUME~1\admin\APPLIC~1\Identities
[11/11/2008|12:13] C:\DOCUME~1\admin\APPLIC~1\Macromedia
[17/11/2008|20:43] C:\DOCUME~1\admin\APPLIC~1\Media Player Classic
[17/11/2008|21:10] C:\DOCUME~1\admin\APPLIC~1\Microsoft

[28/11/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[19/11/2008|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[18/11/2008|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[28/11/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[23/11/2008|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[11/12/2008|17:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESTsoft
[09/12/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[15/12/2008|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/11/2008|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[17/11/2008|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/11/2008|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[09/12/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[13/12/2008|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[21/11/2008|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simple Star Shared
[15/12/2008|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/11/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22/11/2008|23:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[11/11/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/12/2008|17:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[20/11/2008|11:32] C:\DOCUME~1\DAMIEN\APPLIC~1\Adobe
[20/11/2008|11:41] C:\DOCUME~1\DAMIEN\APPLIC~1\Apple Computer
[17/11/2008|20:46] C:\DOCUME~1\DAMIEN\APPLIC~1\Identities
[02/12/2008|12:15] C:\DOCUME~1\DAMIEN\APPLIC~1\Macromedia
[20/11/2008|14:36] C:\DOCUME~1\DAMIEN\APPLIC~1\Microsoft
[24/11/2008|12:07] C:\DOCUME~1\DAMIEN\APPLIC~1\Mozilla
[24/11/2008|12:04] C:\DOCUME~1\DAMIEN\APPLIC~1\Nero
[13/12/2008|06:02] C:\DOCUME~1\DAMIEN\APPLIC~1\PC Suite

[10/11/2008|23:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[10/09/2008|17:12] C:\DOCUME~1\DJEARA~1\APPLIC~1\Adobe
[20/11/2008|15:38] C:\DOCUME~1\DJEARA~1\APPLIC~1\Ahead
[28/11/2008|17:54] C:\DOCUME~1\DJEARA~1\APPLIC~1\Apple Computer
[15/12/2008|01:34] C:\DOCUME~1\DJEARA~1\APPLIC~1\BitTorrent
[21/11/2008|15:11] C:\DOCUME~1\DJEARA~1\APPLIC~1\DivX
[15/12/2008|20:26] C:\DOCUME~1\DJEARA~1\APPLIC~1\DNA
[30/11/2008|18:35] C:\DOCUME~1\DJEARA~1\APPLIC~1\dvdcss
[22/11/2008|22:26] C:\DOCUME~1\DJEARA~1\APPLIC~1\EPSON
[11/12/2008|17:22] C:\DOCUME~1\DJEARA~1\APPLIC~1\ESTsoft
[10/09/2008|09:16] C:\DOCUME~1\DJEARA~1\APPLIC~1\GibbHill Properties Ltd
[19/06/2008|11:14] C:\DOCUME~1\DJEARA~1\APPLIC~1\Google
[17/11/2008|20:56] C:\DOCUME~1\DJEARA~1\APPLIC~1\Identities
[18/11/2008|10:07] C:\DOCUME~1\DJEARA~1\APPLIC~1\InstallShield
[30/08/2008|10:09] C:\DOCUME~1\DJEARA~1\APPLIC~1\Macromedia
[15/12/2008|17:20] C:\DOCUME~1\DJEARA~1\APPLIC~1\Malwarebytes
[15/12/2008|00:00] C:\DOCUME~1\DJEARA~1\APPLIC~1\Microsoft
[05/09/2008|17:51] C:\DOCUME~1\DJEARA~1\APPLIC~1\Mozilla
[14/12/2008|11:37] C:\DOCUME~1\DJEARA~1\APPLIC~1\Nero
[09/12/2008|18:54] C:\DOCUME~1\DJEARA~1\APPLIC~1\Nokia
[13/12/2008|19:39] C:\DOCUME~1\DJEARA~1\APPLIC~1\PC Suite
[21/11/2008|09:48] C:\DOCUME~1\DJEARA~1\APPLIC~1\Simple Star
[21/11/2008|10:56] C:\DOCUME~1\DJEARA~1\APPLIC~1\vlc
[15/12/2008|14:53] C:\DOCUME~1\DJEARA~1\APPLIC~1\WinRAR

[18/11/2008|18:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[09/12/2008|17:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\windows\tasks

[12/12/2008 17:40][--a------] C:\windows\tasks\AppleSoftwareUpdate.job
[15/12/2008 20:25][--ah-----] C:\windows\tasks\SA.DAT
[07/10/2003 01:00][-r-h-----] C:\windows\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[14/12/2008|22:41] C:\Program Files\Alice
[15/12/2008|09:57] C:\Program Files\Alwil Software
[18/11/2008|17:21] C:\Program Files\Apple Software Update
[14/12/2008|21:54] C:\Program Files\ArtMoney
[16/11/2008|20:54] C:\Program Files\Belkin
[18/11/2008|17:48] C:\Program Files\BitTorrent
[25/11/2008|10:28] C:\Program Files\Bonjour
[15/12/2008|09:36] C:\Program Files\CCleaner
[17/11/2008|20:43] C:\Program Files\Combined Community Codec Pack
[10/11/2008|23:25] C:\Program Files\ComPlus Applications
[10/12/2008|12:47] C:\Program Files\Conduit
[09/12/2008|18:43] C:\Program Files\DIFX
[21/11/2008|15:10] C:\Program Files\DivX
[15/12/2008|20:26] C:\Program Files\DNA
[15/12/2008|07:25] C:\Program Files\eMule
[22/11/2008|23:30] C:\Program Files\epson
[10/12/2008|10:59] C:\Program Files\ESTsoft
[09/12/2008|18:44] C:\Program Files\Fichiers communs
[14/12/2008|11:14] C:\Program Files\Google
[13/12/2008|13:10] C:\Program Files\Hybrid Client
[14/12/2008|21:55] C:\Program Files\iHabbix Ltd
[15/12/2008|07:38] C:\Program Files\iHabbix V3
[14/12/2008|23:14] C:\Program Files\InstallShield Installation Information
[11/11/2008|10:49] C:\Program Files\Intel
[14/12/2008|22:58] C:\Program Files\Internet Explorer
[28/11/2008|17:53] C:\Program Files\iPod
[28/11/2008|17:54] C:\Program Files\iTunes
[15/12/2008|17:20] C:\Program Files\Malwarebytes' Anti-Malware
[11/11/2008|15:17] C:\Program Files\McAfee
[25/11/2008|18:18] C:\Program Files\McDonaldsFairies
[11/11/2008|21:32] C:\Program Files\Messenger
[10/11/2008|23:27] C:\Program Files\microsoft frontpage
[13/11/2008|19:47] C:\Program Files\Microsoft Office
[13/11/2008|19:46] C:\Program Files\Microsoft.NET
[14/12/2008|17:12] C:\Program Files\Mindscape
[11/11/2008|20:59] C:\Program Files\Movie Maker
[15/12/2008|19:42] C:\Program Files\Mozilla Firefox
[11/11/2008|16:02] C:\Program Files\MSBuild
[10/11/2008|23:25] C:\Program Files\MSN
[10/11/2008|23:25] C:\Program Files\MSN Gaming Zone
[20/11/2008|17:50] C:\Program Files\MSXML 4.0
[09/12/2008|19:15] C:\Program Files\MSXML 6.0
[21/11/2008|09:49] C:\Program Files\Nero
[11/11/2008|20:56] C:\Program Files\NetMeeting
[09/12/2008|19:16] C:\Program Files\Nokia
[29/11/2008|12:55] C:\Program Files\NRJ
[28/11/2008|18:24] C:\Program Files\Ontrack
[11/11/2008|20:56] C:\Program Files\Outlook Express
[15/12/2008|09:15] C:\Program Files\Panda Security
[09/12/2008|18:43] C:\Program Files\PC Connectivity Solution
[14/12/2008|23:14] C:\Program Files\PC Inspector File Recovery
[14/12/2008|11:14] C:\Program Files\Picasa2
[28/11/2008|17:53] C:\Program Files\QuickTime
[11/11/2008|12:27] C:\Program Files\Realtek
[11/11/2008|15:58] C:\Program Files\Reference Assemblies
[28/11/2008|17:44] C:\Program Files\Safari
[10/11/2008|23:25] C:\Program Files\Services en ligne
[15/12/2008|00:29] C:\Program Files\SoftLogica
[15/12/2008|17:57] C:\Program Files\Spybot - Search & Destroy
[15/12/2008|09:07] C:\Program Files\Trend Micro
[11/11/2008|00:28] C:\Program Files\Uninstall Information
[19/11/2008|15:49] C:\Program Files\USB Drive Data Recovery (Demo)
[21/11/2008|10:55] C:\Program Files\VideoLAN
[18/11/2008|09:57] C:\Program Files\Vimicro
[11/11/2008|16:37] C:\Program Files\Western Digital
[09/12/2008|17:08] C:\Program Files\Windows Live
[29/11/2008|12:58] C:\Program Files\Windows Media Components
[13/12/2008|14:55] C:\Program Files\Windows Media Connect 2
[13/12/2008|14:55] C:\Program Files\Windows Media Player
[11/11/2008|20:56] C:\Program Files\Windows NT
[11/11/2008|10:36] C:\Program Files\WindowsUpdate
[11/11/2008|10:36] C:\Program Files\WinRAR
[14/12/2008|15:10] C:\Program Files\WS Script Black
[10/11/2008|23:27] C:\Program Files\xerox
[15/12/2008|09:48] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[28/11/2008|17:51] C:\Program Files\Fichiers communs\Apple
[11/11/2008|15:17] C:\Program Files\Fichiers communs\Cisco Systems
[13/11/2008|19:47] C:\Program Files\Fichiers communs\DESIGNER
[18/11/2008|10:11] C:\Program Files\Fichiers communs\InstallShield
[11/11/2008|15:17] C:\Program Files\Fichiers communs\McAfee
[21/11/2008|21:53] C:\Program Files\Fichiers communs\Microsoft Shared
[10/11/2008|23:25] C:\Program Files\Fichiers communs\MSSoap
[21/11/2008|12:36] C:\Program Files\Fichiers communs\Nero
[09/12/2008|18:44] C:\Program Files\Fichiers communs\Nokia
[31/12/2001|23:26] C:\Program Files\Fichiers communs\ODBC
[09/12/2008|18:44] C:\Program Files\Fichiers communs\PCSuite
[10/11/2008|23:26] C:\Program Files\Fichiers communs\Services
[21/11/2008|09:52] C:\Program Files\Fichiers communs\Simple Star Shared
[31/12/2001|23:26] C:\Program Files\Fichiers communs\SpeechEngines
[29/11/2008|12:52] C:\Program Files\Fichiers communs\Symantec Shared
[13/11/2008|19:46] C:\Program Files\Fichiers communs\System
[17/11/2008|21:09] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 61 Processes )

iexplore.exe ~ [PID:3076]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp\nsx4E.tmp
C:\DOCUME~1\DJEARA~1\MENUDM~1\PROGRA~1\BitDownload
C:\DOCUME~1\DJEARA~1\MENUDM~1\PROGRA~1\BitDownload\BitDownload Downloads.lnk

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 20:31:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 19

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:36][D:67]-> C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp
[F:54][D:0]-> C:\DOCUME~1\DJEARA~1\Cookies
[F:2111][D:4]-> C:\DOCUME~1\DJEARA~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 15/12/2008|20:33 - Option : [1]

--------------------\\ Fin du rapport a 20:33:40
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Lop S&D

* This time choose Option 2 (Removal)
* Do not close the window during the removal!
* Post the generated report (C:\lopR.txt)

__________________

Paste the report of an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
djearadjou Posts 44 Status Member 1
 
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
BIOS : BIOS Date: 07/06/06 10:49:41 Ver: 08.00.10
USER : DJEARADJOU ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan Enterprise 8.5.0.781 (Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:74 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 15/12/2008|20:51 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp\nsx4E.tmp
Supprime! - C:\DOCUME~1\DJEARA~1\MENUDM~1\PROGRA~1\BitDownload\BitDownload Downloads.lnk
Supprime! - C:\DOCUME~1\DJEARA~1\MENUDM~1\PROGRA~1\BitDownload
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[11/11/2008|16:35] C:\DOCUME~1\admin\APPLIC~1\Adobe
[11/11/2008|00:28] C:\DOCUME~1\admin\APPLIC~1\Identities
[11/11/2008|12:13] C:\DOCUME~1\admin\APPLIC~1\Macromedia
[17/11/2008|20:43] C:\DOCUME~1\admin\APPLIC~1\Media Player Classic
[17/11/2008|21:10] C:\DOCUME~1\admin\APPLIC~1\Microsoft

[28/11/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[19/11/2008|16:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[18/11/2008|17:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[28/11/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[23/11/2008|09:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[11/12/2008|17:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESTsoft
[09/12/2008|19:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[15/12/2008|17:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/11/2008|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
[17/11/2008|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/11/2008|09:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[09/12/2008|19:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia
[13/12/2008|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[21/11/2008|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simple Star Shared
[15/12/2008|17:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/11/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[22/11/2008|23:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[11/11/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/12/2008|17:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[20/11/2008|11:32] C:\DOCUME~1\DAMIEN\APPLIC~1\Adobe
[20/11/2008|11:41] C:\DOCUME~1\DAMIEN\APPLIC~1\Apple Computer
[17/11/2008|20:46] C:\DOCUME~1\DAMIEN\APPLIC~1\Identities
[02/12/2008|12:15] C:\DOCUME~1\DAMIEN\APPLIC~1\Macromedia
[20/11/2008|14:36] C:\DOCUME~1\DAMIEN\APPLIC~1\Microsoft
[24/11/2008|12:07] C:\DOCUME~1\DAMIEN\APPLIC~1\Mozilla
[24/11/2008|12:04] C:\DOCUME~1\DAMIEN\APPLIC~1\Nero
[13/12/2008|06:02] C:\DOCUME~1\DAMIEN\APPLIC~1\PC Suite

[10/11/2008|23:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[10/09/2008|17:12] C:\DOCUME~1\DJEARA~1\APPLIC~1\Adobe
[20/11/2008|15:38] C:\DOCUME~1\DJEARA~1\APPLIC~1\Ahead
[28/11/2008|17:54] C:\DOCUME~1\DJEARA~1\APPLIC~1\Apple Computer
[15/12/2008|01:34] C:\DOCUME~1\DJEARA~1\APPLIC~1\BitTorrent
[21/11/2008|15:11] C:\DOCUME~1\DJEARA~1\APPLIC~1\DivX
[15/12/2008|20:46] C:\DOCUME~1\DJEARA~1\APPLIC~1\DNA
[30/11/2008|18:35] C:\DOCUME~1\DJEARA~1\APPLIC~1\dvdcss
[22/11/2008|22:26] C:\DOCUME~1\DJEARA~1\APPLIC~1\EPSON
[11/12/2008|17:22] C:\DOCUME~1\DJEARA~1\APPLIC~1\ESTsoft
[10/09/2008|09:16] C:\DOCUME~1\DJEARA~1\APPLIC~1\GibbHill Properties Ltd
[19/06/2008|11:14] C:\DOCUME~1\DJEARA~1\APPLIC~1\Google
[17/11/2008|20:56] C:\DOCUME~1\DJEARA~1\APPLIC~1\Identities
[18/11/2008|10:07] C:\DOCUME~1\DJEARA~1\APPLIC~1\InstallShield
[30/08/2008|10:09] C:\DOCUME~1\DJEARA~1\APPLIC~1\Macromedia
[15/12/2008|17:20] C:\DOCUME~1\DJEARA~1\APPLIC~1\Malwarebytes
[15/12/2008|00:00] C:\DOCUME~1\DJEARA~1\APPLIC~1\Microsoft
[05/09/2008|17:51] C:\DOCUME~1\DJEARA~1\APPLIC~1\Mozilla
[14/12/2008|11:37] C:\DOCUME~1\DJEARA~1\APPLIC~1\Nero
[09/12/2008|18:54] C:\DOCUME~1\DJEARA~1\APPLIC~1\Nokia
[13/12/2008|19:39] C:\DOCUME~1\DJEARA~1\APPLIC~1\PC Suite
[21/11/2008|09:48] C:\DOCUME~1\DJEARA~1\APPLIC~1\Simple Star
[21/11/2008|10:56] C:\DOCUME~1\DJEARA~1\APPLIC~1\vlc
[15/12/2008|14:53] C:\DOCUME~1\DJEARA~1\APPLIC~1\WinRAR

[18/11/2008|18:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[09/12/2008|17:11] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\windows\tasks

[12/12/2008 17:40][--a------] C:\windows\tasks\AppleSoftwareUpdate.job
[15/12/2008 20:25][--ah-----] C:\windows\tasks\SA.DAT
[07/10/2003 01:00][-r-h-----] C:\windows\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[14/12/2008|22:41] C:\Program Files\Alice
[15/12/2008|09:57] C:\Program Files\Alwil Software
[18/11/2008|17:21] C:\Program Files\Apple Software Update
[14/12/2008|21:54] C:\Program Files\ArtMoney
[16/11/2008|20:54] C:\Program Files\Belkin
[18/11/2008|17:48] C:\Program Files\BitTorrent
[25/11/2008|10:28] C:\Program Files\Bonjour
[15/12/2008|09:36] C:\Program Files\CCleaner
[17/11/2008|20:43] C:\Program Files\Combined Community Codec Pack
[10/11/2008|23:25] C:\Program Files\ComPlus Applications
[10/12/2008|12:47] C:\Program Files\Conduit
[09/12/2008|18:43] C:\Program Files\DIFX
[21/11/2008|15:10] C:\Program Files\DivX
[15/12/2008|20:26] C:\Program Files\DNA
[15/12/2008|07:25] C:\Program Files\eMule
[22/11/2008|23:30] C:\Program Files\epson
[10/12/2008|10:59] C:\Program Files\ESTsoft
[09/12/2008|18:44] C:\Program Files\Fichiers communs
[14/12/2008|11:14] C:\Program Files\Google
[13/12/2008|13:10] C:\Program Files\Hybrid Client
[14/12/2008|21:55] C:\Program Files\iHabbix Ltd
[15/12/2008|07:38] C:\Program Files\iHabbix V3
[14/12/2008|23:14] C:\Program Files\InstallShield Installation Information
[11/11/2008|10:49] C:\Program Files\Intel
[14/12/2008|22:58] C:\Program Files\Internet Explorer
[28/11/2008|17:53] C:\Program Files\iPod
[28/11/2008|17:54] C:\Program Files\iTunes
[15/12/2008|17:20] C:\Program Files\Malwarebytes' Anti-Malware
[11/11/2008|15:17] C:\Program Files\McAfee
[25/11/2008|18:18] C:\Program Files\McDonaldsFairies
[11/11/2008|21:32] C:\Program Files\Messenger
[10/11/2008|23:27] C:\Program Files\microsoft frontpage
[13/11/2008|19:47] C:\Program Files\Microsoft Office
[13/11/2008|19:46] C:\Program Files\Microsoft.NET
[14/12/2008|17:12] C:\Program Files\Mindscape
[11/11/2008|20:59] C:\Program Files\Movie Maker
[15/12/2008|19:42] C:\Program Files\Mozilla Firefox
[11/11/2008|16:02] C:\Program Files\MSBuild
[10/11/2008|23:25] C:\Program Files\MSN
[10/11/2008|23:25] C:\Program Files\MSN Gaming Zone
[20/11/2008|17:50] C:\Program Files\MSXML 4.0
[09/12/2008|19:15] C:\Program Files\MSXML 6.0
[21/11/2008|09:49] C:\Program Files\Nero
[11/11/2008|20:56] C:\Program Files\NetMeeting
[09/12/2008|19:16] C:\Program Files\Nokia
[29/11/2008|12:55] C:\Program Files\NRJ
[28/11/2008|18:24] C:\Program Files\Ontrack
[11/11/2008|20:56] C:\Program Files\Outlook Express
[15/12/2008|09:15] C:\Program Files\Panda Security
[09/12/2008|18:43] C:\Program Files\PC Connectivity Solution
[14/12/2008|23:14] C:\Program Files\PC Inspector File Recovery
[14/12/2008|11:14] C:\Program Files\Picasa2
[28/11/2008|17:53] C:\Program Files\QuickTime
[11/11/2008|12:27] C:\Program Files\Realtek
[11/11/2008|15:58] C:\Program Files\Reference Assemblies
[28/11/2008|17:44] C:\Program Files\Safari
[10/11/2008|23:25] C:\Program Files\Services en ligne
[15/12/2008|00:29] C:\Program Files\SoftLogica
[15/12/2008|17:57] C:\Program Files\Spybot - Search & Destroy
[15/12/2008|09:07] C:\Program Files\Trend Micro
[11/11/2008|00:28] C:\Program Files\Uninstall Information
[19/11/2008|15:49] C:\Program Files\USB Drive Data Recovery (Demo)
[21/11/2008|10:55] C:\Program Files\VideoLAN
[18/11/2008|09:57] C:\Program Files\Vimicro
[11/11/2008|16:37] C:\Program Files\Western Digital
[09/12/2008|17:08] C:\Program Files\Windows Live
[29/11/2008|12:58] C:\Program Files\Windows Media Components
[13/12/2008|14:55] C:\Program Files\Windows Media Connect 2
[13/12/2008|14:55] C:\Program Files\Windows Media Player
[11/11/2008|20:56] C:\Program Files\Windows NT
[11/11/2008|10:36] C:\Program Files\WindowsUpdate
[11/11/2008|10:36] C:\Program Files\WinRAR
[14/12/2008|15:10] C:\Program Files\WS Script Black
[10/11/2008|23:27] C:\Program Files\xerox
[15/12/2008|09:48] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[28/11/2008|17:51] C:\Program Files\Fichiers communs\Apple
[11/11/2008|15:17] C:\Program Files\Fichiers communs\Cisco Systems
[13/11/2008|19:47] C:\Program Files\Fichiers communs\DESIGNER
[18/11/2008|10:11] C:\Program Files\Fichiers communs\InstallShield
[11/11/2008|15:17] C:\Program Files\Fichiers communs\McAfee
[21/11/2008|21:53] C:\Program Files\Fichiers communs\Microsoft Shared
[10/11/2008|23:25] C:\Program Files\Fichiers communs\MSSoap
[21/11/2008|12:36] C:\Program Files\Fichiers communs\Nero
[09/12/2008|18:44] C:\Program Files\Fichiers communs\Nokia
[31/12/2001|23:26] C:\Program Files\Fichiers communs\ODBC
[09/12/2008|18:44] C:\Program Files\Fichiers communs\PCSuite
[10/11/2008|23:26] C:\Program Files\Fichiers communs\Services
[21/11/2008|09:52] C:\Program Files\Fichiers communs\Simple Star Shared
[31/12/2001|23:26] C:\Program Files\Fichiers communs\SpeechEngines
[29/11/2008|12:52] C:\Program Files\Fichiers communs\Symantec Shared
[13/11/2008|19:46] C:\Program Files\Fichiers communs\System
[17/11/2008|21:09] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 59 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 20:53:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 19

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:36][D:66]-> C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp
[F:57][D:0]-> C:\DOCUME~1\DJEARA~1\Cookies
[F:2260][D:4]-> C:\DOCUME~1\DJEARA~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 15/12/2008|20:33 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 15/12/2008|20:54 - Option : [2]

--------------------\\ Fin du rapport a 20:54:34
0
djearadjou Posts 44 Status Member 1
 
The ActiveScan result:

***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-15 22:09:15
PROTECTIONS: 1
MALWARE: 46
SUSPECTS: 5
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Enterprise 8.5.0.781 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00020386 Application/MotherboardMonitor.A HackTools No 0 Yes No C:\Program Files\WS Script Black\usr\bin\dll\moo.dll
00020386 Application/MotherboardMonitor.A HackTools No 0 Yes No C:\Program Files\WS Script Black\dll\moo.dll
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\SV\1\Cookies\damien@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\SV\D\Documents and Settings\DJEARADJOU\Cookies\djearadjou@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\DAMIEN\Cookies\damien@doubleclick[1].txt
01648935 Application/Pskill.V HackTools No 0 Yes No C:\Program Files\WS Script Black\usr\bin\dll\Procs.dll
03738686 Generic Malware Virus/Trojan No 0 No No C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc9.exe[C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc9.exe][SDFix\apps\Cghtme.exe]
03738686 Generic Malware Virus/Trojan No 0 No No C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc9.exe[C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc9.exe][SDFix\catchme.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\WS Script Black\mirc.exe
No C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc5.zip[MSNFix/incl/catchme.exe]
No C:\RECYCLER\S-1-5-21-725345543-1993962763-839522115-1005\Dc6\MSNFix\incl\catchme.exe
No C:\SV\D\INCOMINGS\Nero 8 Serial Crack.zip[nero8x.exe]
No C:\SV\D\TORRENTS DOWNLOADS\MSN Messenger Live + Plus + Plugins + Emoticons + Patches (AIO)\MAiO.exe[AutoPlay/Docs/MDL_1.1.0155.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Empty your Recycle Bin

then

download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :files)

:files
C:\Program Files\WS Script Black\usr\bin\dll\moo.dll
C:\Program Files\WS Script Black\dll\moo.dll
C:\Program Files\WS Script Black\usr\bin\dll\Procs.dll
C:\Program Files\WS Script Black\mirc.exe
C:\SV\D\INCOMINGS\Nero 8 Serial Crack.zip
C:\SV\D\TORRENTS DOWNLOADS\MSN Messenger Live + Plus + Plugins + Emoticons + Patches (AIO)\MAiO.exe

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

______________________

Then tell me how your PC is behaving
0
djearadjou Posts 44 Status Member 1
 
Here is the result:
and my PC is very stable, and the (your system infected) display on the desktop has disappeared
========== FILES ==========
File/Folder C:\Program Files\WS Script Black\usr\bin\dll\moo.dll not found.
File/Folder C:\Program Files\WS Script Black\dll\moo.dll not found.
File/Folder C:\Program Files\WS Script Black\usr\bin\dll\Procs.dll not found.
C:\Program Files\WS Script Black\mirc.exe moved successfully.
C:\SV\D\INCOMINGS\Nero 8 Serial Crack.zip moved successfully.
C:\SV\D\TORRENTS DOWNLOADS\MSN Messenger Live + Plus + Plugins + Emoticons + Patches (AIO)\MAiO.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12152008_235650
A big thank you for your precious assistance and the time you devoted to me
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Then tell me how your PC is behaving

and post a new HijackThis scan
0
djearadjou Posts 44 Status Member 1
 
Hello
My PC is working well and without any trouble thanks to your help, and here is the HijackThis result
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:38, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\windows\System32\nvsvc32.exe
C:\Program Files\DNA\btdna.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 189.26.78.248:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Register urlmon.dll] C:\windows\system32\regsvr32.exe /s C:\windows\system32\urlmon.dll
O4 - HKLM\..\RunOnce: [Register hlink.dll] C:\windows\system32\regsvr32.exe /s C:\windows\system32\hlink.dll
O4 - HKLM\..\RunOnce: [Register oleaut32.dll] C:\windows\system32\regsvr32.exe /s C:\windows\system32\oleaut32.dll
O4 - HKLM\..\RunOnce: [IE 3.0 RegSvr schannel.dll] C:\windows\system32\regsvr32.exe /s C:\windows\system32\schannel.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\DJEARA~1\LOCALS~1\Temp\E_S420.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\DJEARADJOU\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: BTTray.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
--> Download UsbFix (by Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings.

--> Plug your external data sources into your PC (USB key, external hard drive, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.

--> Choose option 1 (Cleaning).

--> The PC will restart.

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the disk.

(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)
0