Sujet Précédent Sujet Suivant

Problème suite combofix

sabi77 Messages postés 11 Statut Membre -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,

Ce matin mon anti-virus m'a affiché que j'avais des virus dont un fichier qu'il n'arrivait pas a supprimé, de plus j'avais une page internet qui revenait sans arrêt je suis venue sur le site pour voir ce que je pouvais faire et dans un post il y avait indiqué de faire un combo fix..

Avant cela j'ai executé spybot et ensuite combofix

Maintenant l'ordi fonctionne mais il manque des fichiers apparemment, au démarrage j'ai un message d'erreur pour launcher.exe qui me dit qu'il manque le fichier tlib_log.dll, la fonction executer de windows ne fonctionne plus et les mises a jour d'office 2003 ne peuvent pas s'installer.

Je vous post le rapport de combofix, si vous pouvez voir quelque chose qui aurait mal tourné, merci de m'aider.

ComboFix 08-12-14.05 - maison 2008-12-15 16:00:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.411 [GMT 1:00]
Running from: c:\downloads\ComboFix.exe
* Created a new restore point
* Resident AV is active

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
[color=purple]The following files were disabled during the run:[/color]
c:\windows\system32\hazobolu.dll
c:\windows\system32\yuwegiju.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\maison\Application Data\rhcjdwj0e13e
c:\documents and settings\maison\Local Settings\Application Data\wiywiee.dat
c:\documents and settings\maison\Local Settings\Application Data\wiywiee.exe
c:\documents and settings\maison\Local Settings\Application Data\wiywiee_nav.dat
c:\documents and settings\maison\Local Settings\Application Data\wiywiee_navps.dat
c:\windows\system32\bagenowu.dll
c:\windows\system32\bizivena.dll
c:\windows\system32\bolubafo.dll
c:\windows\system32\burivuvu.dll
c:\windows\system32\buvowunu.dll
c:\windows\system32\buyowezu.dll
c:\windows\system32\dadonuge.dll
c:\windows\system32\famaduto.dll
c:\windows\system32\fikefuwi.dll
c:\windows\system32\fufezefu.dll
c:\windows\system32\gizehure.dll
c:\windows\system32\hasolawo.dll
c:\windows\system32\hazobolu.dll.vir
c:\windows\system32\hefamupa.dll
c:\windows\system32\hupeveka.dll
c:\windows\system32\huwiyize.dll
c:\windows\system32\jaccrkdncbxf.dll
c:\windows\system32\javiyatu.dll
c:\windows\system32\juwikedo.dll
c:\windows\system32\kaziboha.dll
c:\windows\system32\kojonuse.dll
c:\windows\system32\komurejo.dll
c:\windows\system32\kubuyula.dll
c:\windows\system32\kujewafi.dll
c:\windows\system32\kupomewo.dll
c:\windows\system32\ladiveto.dll
c:\windows\system32\lifudake.dll
c:\windows\system32\maruvuji.dll
c:\windows\system32\meruyuwa.dll
c:\windows\system32\mojamovi.dll
c:\windows\system32\mokagesi.dll
c:\windows\system32\mugufivu.dll
c:\windows\system32\nehejipe.dll
c:\windows\system32\newujuhi.dll
c:\windows\system32\pafigulo.dll
c:\windows\system32\piyejiko.dll
c:\windows\system32\rilihezo.dll
c:\windows\system32\ropafapa.dll
c:\windows\system32\sejelafo.dll
c:\windows\system32\sogoyiyi.dll
c:\windows\system32\sohiniyu.dll
c:\windows\system32\tedalulo.dll
c:\windows\system32\vibojiju.dll
c:\windows\system32\vonavesu.dll
c:\windows\system32\vunefamo.dll
c:\windows\system32\vuzutodu.dll
c:\windows\system32\wifupuso.dll
c:\windows\system32\yekarupi.dll
c:\windows\system32\yihosuva.dll
c:\windows\system32\yimetudi.dll
c:\windows\system32\yonesefe.dll
c:\windows\system32\yuwegiju.dll.vir
c:\windows\system32\zifawino.dll
c:\windows\system32\zofisuvu.dll
c:\windows\system32\zojivosa.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

2008-12-15 14:59 . 2008-12-15 14:59 120 --ahs---- c:\windows\system32\aluyubuk.ini
2008-12-15 09:34 . 2008-12-15 12:40 <REP> d-------- c:\program files\Spybot - Search & Destroy
2008-12-15 09:34 . 2008-12-15 14:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 09:15 . 2008-12-15 13:35 <REP> d-------- c:\program files\Enigma Software Group
2008-12-11 07:14 . 2008-12-11 07:14 <REP> d-------- c:\program files\PC Inspector File Recovery
2008-12-11 07:14 . 2002-02-18 18:40 6,200 --a------ c:\windows\system32\INT13EXT.VXD
2008-12-10 17:27 . 2008-12-13 03:46 <REP> d-------- c:\program files\eMule
2008-12-01 01:17 . 2008-12-01 01:17 <REP> d-------- c:\program files\SweetIM
2008-12-01 01:17 . 2008-12-01 01:17 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2008-12-01 01:17 . 2008-12-01 01:17 <REP> d-------- c:\documents and settings\All Users\Application Data\SweetIM
2008-11-16 21:16 . 2008-11-16 21:16 <REP> d-------- c:\program files\Canal

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 14:56 --------- d-----w c:\program files\FlashGet
2008-12-15 10:18 --------- d-----w c:\documents and settings\maison\Application Data\U3
2008-12-13 13:29 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-11 06:14 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-22 20:49 --------- d-----w c:\program files\DivX
2008-11-09 14:53 --------- d-----w c:\program files\GV AbsoluCasino
2008-11-08 19:11 --------- d-----w c:\program files\Apple Software Update
2008-11-08 19:09 --------- d-----w c:\program files\iTunes
2008-11-08 19:09 --------- d-----w c:\program files\iPod
2008-11-08 19:09 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-08 19:09 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-08 19:07 --------- d-----w c:\program files\QuickTime
2008-11-08 19:07 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-08 18:58 --------- d-----w c:\program files\Bonjour
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-27 19:37 --------- d-----w c:\program files\McDonaldsFairies
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-05 08:28 29,480 ----a-w c:\windows\system32\msxml3a.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-03-14 12:06 60,518 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-03-14 12:06 49,248 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-03-14 12:06 165,992 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-05-19 21:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051920080520\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-11-17 49152]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-08-25 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
"Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-19 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"VX3000"="c:\windows\vVX3000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-11-17 3022848]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Canal Widget"="c:\program files\Canal\Canal Widget\Launcher.exe" [2008-12-09 103992]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-11-17 111928]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 172544]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2003-11-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\maison\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

R1 GhPciScan;GhostPciScanner;\??\c:\program files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 5632]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2008-03-14 58016]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-06-27 15:50:32 61424]
R2 CanalPlus.VOD;CanalPlus.VOD;"c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-10-23 61440]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\autorun.exe
\Shell\directx\command - e:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2252fceb-ca01-11dd-8ac2-0007cb0000ff}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae4c6752-71f2-11dd-8a6b-0007cb0000ff}]
\Shell\AutoRun\command - I:\LaunchU3.exe

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{070DE8E8-0940-DD63-4091-B3416F0715A5} - c:\windows\system32\jaccrkdncbxf.dll
BHO-{b8331087-5273-45a4-aa47-933adc86aed9} - c:\windows\system32\meruyuwa.dll
HKLM-Run-CPMdf134de9 - c:\windows\system32\yuwegiju.dll
HKLM-Run-neyifumedi - c:\windows\system32\zomudumu.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-Antivirus - c:\program files\SAV\sav.exe
MSConfigStartUp-CPMdf134de9 - c:\windows\system32\yuwegiju.dll
MSConfigStartUp-dc207e75 - c:\windows\system32\kubuyula.dll
MSConfigStartUp-lphcndwj0e13e - c:\windows\system32\lphcndwj0e13e.exe
MSConfigStartUp-neyifumedi - c:\windows\system32\zomudumu.dll
MSConfigStartUp-SMrhcjdwj0e13e - c:\program files\rhcjdwj0e13e\rhcjdwj0e13e.exe
MSConfigStartUp-wiywiee - c:\documents and settings\maison\local settings\application data\wiywiee.exe

.
------- Supplementary Scan -------
.
uStart Page = free.fr/
uInternet Connection Wizard,ShellNext = hxxp://www.vista-inspirat.net/fr/
uInternet Settings,ProxyOverride = *.local
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: *.canal-plus.com
TCP: {3560A282-D10C-421D-A510-63AEE6536C62} = 212.27.40.241,212.27.40.240

O16 -: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 16:05:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\jcq7dn0h.TMP 616448 bytes

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\[u]0[/u]00.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\EntApi.dll

- - - - - - - > 'explorer.exe'(1260)
c:\windows\system32\EntApi.dll
c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\windows\system32\nView.dll
c:\windows\system32\NVWRSFR.DLL
c:\windows\system32\nvwddi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Canal\Canal Widget\Canal Widget.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SoftwareDistribution\Download\2ae0551b81457e76c13969a941d90294\update\update.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-12-15 16:14:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-15 15:14:36

Pre-Run: 143ÿ013ÿ175ÿ296 octets libres
Post-Run: 143,165,542,400 octets libres

308 --- E O F --- 2008-11-18 21:43:40

Merci d'avance

21 réponses

  • 1
  • 2
Réponse 1 / 21
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Salut,

1/

---> Démarre Spybot, clique sur Mode, coche Mode avancé.
---> A gauche, clique sur Outils, puis sur Résident.
---> Décoche la case devant Résident "TeaTimer" :
http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
---> Quitte Spybot.

2/

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

3/

● Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

/!\ Déconnecte-toi et ferme toutes applications en cours /!\

● Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
● Double-clique sur l'icône Ad-remover située sur ton Bureau.
● Au menu principal, choisis l'option "A".
● Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note :

"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 2 / 21
sabi77 Messages postés 11 Statut Membre
 
Merci pour ta reponse, voilà le rapport MBAM :

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1506
Windows 5.1.2600 Service Pack 3

16/12/2008 09:56:02
mbam-log-2008-12-16 (09-56-02).txt

Type de recherche: Examen rapide
Eléments examinés: 57192
Temps écoulé: 6 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\favupabo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuvoseku.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nujebobo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.

Et ensuite le rapport Ad-remover :

--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------

# START at: 10:02:21 | Mar 16/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: MAISON-F581BF92 | USER: maison ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- E:\ (File System: NTFS)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 46 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

+-----------------------| Boonty/Boonty Games Elements found :

.

+-----------------------| Eorezo Elements found :

.

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| Messenger Skinner Elements found :

.

+-----------------------| Sweetim Elements found :

"HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[01/12/2008 01:17|d--------] C:\PROGRA~1\SweetIM
[01/12/2008 01:17|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
[01/12/2008 01:17|d--------] C:\PROGRA~1\SweetIM\Toolbars
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\default.xml
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMA~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMM~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGARCH~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgcommon.dll
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGCOMM~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgconfig.dll
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGFLAS~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGHOOK~1.DLL
[17/11/2008 11:32|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\MGICQA~1.DLL
[17/11/2008 11:32|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\MGICQM~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGIEPL~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mglogger.dll
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMEDI~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNA~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNM~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSIMC~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSWEE~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGUPDA~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGXML_~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~2.DLL
[11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcp71.dll
[11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
[01/12/2008 01:17|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\SweetIM.exe
[01/12/2008 01:17|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\AUDIBL~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\DISPLA~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\EMOTIC~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\NUDGEB~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\SOUNDF~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\WINKSB~1.PNG
[01/12/2008 01:17|d--------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1
[08/10/2008 12:22|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\CLEARH~1.EXE
[01/12/2008 01:17|d--------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\conf
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\default.xml
[08/10/2008 12:22|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mgcommon.dll
[08/10/2008 12:22|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mgconfig.dll
[08/10/2008 12:22|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mgHelper.dll
[08/10/2008 12:22|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\mglogger.dll
[08/10/2008 12:22|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\MGSIMC~1.DLL
[08/10/2008 12:22|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\MGTOOL~1.DLL
[08/10/2008 12:22|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\MGXML_~1.DLL
[11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\msvcp71.dll
[11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\msvcr71.dll
[01/12/2008 01:17|d--------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\conf\logger.xml
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\affid.dat
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\basis.xml
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\BOOKMA~1.BMP
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\EMAIL_~1.BMP
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\GAMES_~1.BMP
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\GREETI~1.BMP
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\Logo.bmp
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\MOBILE~1.BMP
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\MUSIC_~1.BMP
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\NEWS_2~1.BMP
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SHOPIN~1.BMP
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SMILEY~1.BMP
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SMILEY~2.BMP
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\SWEETI~1.BMP
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\toolbar.xml
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\Toolbars\INTERN~1\RESOUR~1\version.txt
[01/12/2008 01:17|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[01/12/2008 01:17|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1
[01/12/2008 01:17|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars
[01/12/2008 01:17|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf
[01/12/2008 01:17|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data
[01/12/2008 01:17|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\logs
[01/12/2008 01:17|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\update
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\adapter.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\AUTOUP~1.XML
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\logger.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\messages.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\sweetim.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\SWEETI~1.XML
[01/12/2008 01:18|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users
[01/12/2008 01:18|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
[01/12/2008 01:18|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\SABERI~1.COM
[10/12/2008 21:11|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\SABERI~1.COM\CONTEN~1.XML
[01/12/2008 01:18|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\SABERI~1.COM\EMOTIC~1.XML
[01/12/2008 01:18|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\SABERI~1.COM\USER_C~1.XML
[01/12/2008 01:19|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1
[13/05/2007 21:13|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0001089B.dat
[01/12/2008 01:19|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT
[01/12/2008 01:17|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1
[01/12/2008 01:17|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache
[01/12/2008 01:17|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\INTERN~1\cache\F64A71~1.XML
[16/12/2008 08:40|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF
[15/12/2008 21:36|--a------] C:\DOCUME~1\maison\Cookies\MA5B74~1.TXT

+-----------------------| ADDED SCAN :

+--[HKEY_CURRENT_USER\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

+--[HKEY_LOCAL_MACHINE\..\Run]

ShStatEXE REG_SZ "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI REG_SZ "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Network Associates Error Reporting Service REG_SZ "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
SoundMan REG_SZ SOUNDMAN.EXE
GhostStartTrayApp REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
nwiz REG_SZ nwiz.exe /install
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
VX3000 REG_SZ C:\WINDOWS\vVX3000.exe
LifeCam REG_SZ "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
Sony Ericsson PC Suite REG_SZ "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
RemoteControl8 REG_SZ "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
PDVD8LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
BDRegion REG_SZ C:\Program Files\Cyberlink\Shared Files\brs.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Canal Widget REG_SZ "C:\Program Files\Canal\Canal Widget\Launcher.exe"
SweetIM REG_SZ C:\Program Files\SweetIM\Messenger\SweetIM.exe

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+

- "C:\AD-report-Scan-16.12.2008.log" (~21830 bytes)

# END at: 10:02:41 | 16/12/2008 - Time elapsed: 19.8 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 276 lines ]
+---------------------------------------------------------------------------+

Merci pour ton aide
0
Réponse 3 / 21
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Relance MBAM, va dans Quarantaine et supprime tout.

/!\ Déconnecte-toi et ferme toutes applications en cours /!\

● Double-clique sur AD-Remover pour le lancer : au menu principal, choisis l'option B.

● Coche à l'écran de sélection :
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG

Suppression Boonty/BoontyGames (Si trouvé)
Suppression Eorezo (Si trouvé)
Suppression Everest Poker (Si trouvé)
Suppression Funwebproduct/MyWay/MyWebsearch (Si trouvé)
Suppression Messenger Skinner (Si trouvé)
Suppression Sweetim (Si trouvé)

● Puis choisis S, le programme va travailler.

● Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report.log)

/!\ Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide) /!\
0
Réponse 4 / 21
sabi77 Messages postés 11 Statut Membre
 
ok j'ai fait tout ce que tu m'as dit et voilà le rapport :

--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------

*** Limited to ***

Boonty/BoontyGames
Eorezo
Everest Poker
Funwebproduct/MyWay/MyWebsearch
Messenger Skinner
Sweetim

******************

# START at: 19:06:21 | Mar 16/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: MAISON-F581BF92 | USER: maison ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)
- E:\ (File System: NTFS)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 47 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

(!) ---- IE start pages reset

+-----------------------| Boonty/Boonty Games Elements Deleted :

.

+-----------------------| Eorezo Elements Deleted :

.

+-----------------------| Everest Poker Elements Deleted :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.

+-----------------------| Messenger Skinner Elements Deleted :

.

+-----------------------| Sweetim Elements Deleted :

"HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
"HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
"HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook"
"HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE"
"HKEY_CLASSES_ROOT\Toolbar3.SWEETIE.1"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{EEE6C35D-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0337C6624F0C5E94F8025AF6F9288257"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
/!\ NOT DELETED - [01/12/2008 01:17|d--------] C:\PROGRA~1\SweetIM
/!\ NOT DELETED - [16/12/2008 19:06|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
/!\ NOT DELETED - [17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
/!\ NOT DELETED - [11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
[01/12/2008 01:17|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM
/!\ NOT DELETED - [16/12/2008 08:40|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF
[16/12/2008 15:45|--a------] C:\DOCUME~1\maison\Cookies\MA5774~1.TXT

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

************* /!\ File(s)/Folder(s) Not Deleted /!\ *************

"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"

Second run ...

"C:\Program Files\SweetIM\Messenger" - RESIST !
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" - RESIST !
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" - RESIST !
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf" - RESIST !

+-----------------------| ADDED SCAN :

+--[HKEY_CURRENT_USER\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit

+--[HKEY_LOCAL_MACHINE\..\Run]

ShStatEXE REG_SZ "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
McAfeeUpdaterUI REG_SZ "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
Network Associates Error Reporting Service REG_SZ "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
SoundMan REG_SZ SOUNDMAN.EXE
GhostStartTrayApp REG_SZ C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
nwiz REG_SZ nwiz.exe /install
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
VX3000 REG_SZ C:\WINDOWS\vVX3000.exe
LifeCam REG_SZ "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
Sony Ericsson PC Suite REG_SZ "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
RemoteControl8 REG_SZ "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
PDVD8LanguageShortcut REG_SZ "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
BDRegion REG_SZ C:\Program Files\Cyberlink\Shared Files\brs.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Canal Widget REG_SZ "C:\Program Files\Canal\Canal Widget\Launcher.exe"

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-Clean-16.12.2008.log" (~15453 bytes)

- "C:\AD-report-Scan-16.12.2008.log" (~22166 bytes)

# END at: 19:13:46 | 16/12/2008 - Time elapsed: 7 minutes, 25 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 210 lines ]
+---------------------------------------------------------------------------+

et voilà ...
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
0
Réponse 6 / 21
sabi77 Messages postés 11 Statut Membre
 
Voici le premier :

Logfile of random's system information tool 1.04 (written by random/random)
Run by maison at 2008-12-16 20:50:28
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 136 GB (89%) free of 153 GB
Total RAM: 1023 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:47, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\maison\Local Settings\Temporary Internet Files\Content.IE5\TMB3EBQI\RSIT[1].exe
C:\Program Files\trend micro\maison.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.vista-inspirat.net/fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3560A282-D10C-421D-A510-63AEE6536C62}: NameServer = 212.27.40.241,212.27.40.240
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
0
Réponse 7 / 21
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
/!\ Seul sabi77 peut suivre cette procédure /!\

1/

---> Désinstalle AD-Remover.

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :

KillAll::

File::
c:\windows\system32\aluyubuk.ini
C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf

Folder::
c:\program files\GV AbsoluCasino
C:\Program Files\SweetIM

---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes

2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix\Combofix.txt
0
Réponse 8 / 21
sabi77 Messages postés 11 Statut Membre
 
Bonsoir,

ça na marche pas, combofix reste bloqué sur une fenetre bleu, j'ai essayé 2 fois 30 minutes.

Que dois-je faire ?

Merci.
0
Réponse 9 / 21
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:files
c:\windows\system32\aluyubuk.ini
C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf
c:\program files\GV AbsoluCasino
C:\Program Files\SweetIM

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 10 / 21
sabi77 Messages postés 11 Statut Membre
 
ok le voilà :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\system32\aluyubuk.ini moved successfully.
C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf moved successfully.
File/Folder c:\program files\GV AbsoluCasino not found.
C:\Program Files\SweetIM\Messenger moved successfully.
C:\Program Files\SweetIM moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\maison\LOCALS~1\Temp\~DF4D47.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12162008_223805

Files moved on Reboot...
File C:\DOCUME~1\maison\LOCALS~1\Temp\~DF4D47.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

J'ai plus accès a ma messagerie, ça fait comme quand je voulais faire une mise a jour. mais là il me dit que le fichier MAPI32.DLL est corrompu
0
Réponse 11 / 21
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Quelle messagerie ?
0
Réponse 12 / 21
sabi77 Messages postés 11 Statut Membre
 
outlook 2003, c'est comme si il n'existait plus quand je le lance une fenetre windows installer se met et ensuite il veut le fichier pro11 et quand j'annule il me dit qu'il manque le fichier MAPI32.DLL ou qu'il est corrompu
0
Réponse 13 / 21
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
http://www.cdxperso.be/integration-doffice-2003
0
Réponse 14 / 21
sabi77 Messages postés 11 Statut Membre
 
Je n'ai pas le cd d'installation d'office 2003, c'est une vrai version mais je n'ai pas les cd !!
0
Réponse 15 / 21
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
http://www.microsoft.com/downloads/details.aspx?displaylang=fr&FamilyID=e25b7049-3e13-433b-b9d2-5e3c1132f206
0
Réponse 16 / 21
sabi77 Messages postés 11 Statut Membre
 
la mise a jour office sp3 etait déjà intallé, donc ça n'a pas fonctionné et je n'avais plus d'anti-virus, j'ai fait une restoration après combofix de 21h13 et tout refonctionne.

Pour moi c'etait a cause de otmoveit3.

Qu'est ce que je pourrais faire d'autre ?
0
Réponse 17 / 21
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Refais OTMoveIt car il n'y a aucun rapport avec Outlook.
0
Réponse 18 / 21
sabi77 Messages postés 11 Statut Membre
 
Bien, donc j'ai refais OTMoveIt et ça a refait exactement la meme chose qu'hier pour mon anti-virus ça disait : 'impossible d'acceder au serveur local' et pour outlook deès que j'essaie de l'ouvrir il doit s'installer et quand je fais annuler, il me dit : 'le fichier mapi32.dll est corrompu ou correspond à une vrsion incorrecte.
j'ai donc refait une restoration...
Je ne comprends pas ??
0
Réponse 19 / 21
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
SweetIM est associé à Outlook ?
0
Réponse 20 / 21
sabi77 Messages postés 11 Statut Membre
 
je ne sais pas je ne connais pas sweetIm ?

Comment je peux le savoir ?
0

Discussions similaires

au secours un virus trés con
khlifi.hamza -
khlifi.hamza -

12 réponses
Mon ordi est lent depuis hier
Chantal1979 -
geoffrey5 -

8 réponses
probleme utilisation combofix
rj01 -
fix200 -

28 réponses
Plus aucun accès aux sites d'antivirus
Make Tacos Not War -
Utilisateur anonyme -

31 réponses
ComboFix Demare pas -_-
thecrazyclown -
gen-hackman -

22 réponses