| | A l'aide !!! virus |  |
|
|
| Auteur | Message |
|---|
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| Sujet: A l'aide !!! virus  Lun 8 Déc - 18:57:37 | |
| Bonjour a tt le monde !!
Voila, j'ai un problème qui me rends fou...
j'ai bien sur cherché sur le net avant mais a force de voir 36 000 trucs différents, je n'y comprends plus rien..
je tente donc ma chance ici, en espérant vraiment qu'une âme charitable puis me sauver..:s
je suis infecté par le "ppcb_32.exe"
Voila le rapport hijackthis :
Scan saved at 16:36:43, on 08/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ManyCam 2.3\ManyCam.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\explorer.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: globaladsolution - {73a05875-0698-1136-782a-3c0c953854bc} - C:\Windows\system32\nsk66CC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: globaladsolution browser enhancer - {7BB44F19-8650-8695-8B05-EE6A135E3297} - C:\Windows\system32\qbohykryjhbvcia.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [fgbptzebkdd] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
--
End of file - 8602 bytes
merci d'avance | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Lun 8 Déc - 19:06:21 | |
| Bonjour et  Commence par faire ceci stp :
- Sous VISTA : Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection)
- Télécharger et enregistrer lopSD sur ton bureau
(c est le numéro 4 en bas de la page) :
- Double-clic Lop S&D
- Faire l'installation
- Fermer toutes les applications
- Le lancer par un double-clic sur le raccourci qui est sur le bureau
* Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur
- Taper F pour français , puis presser entrée
- Taper 1
- Presser Entrée
- Le PC va redémarrer
* Note= si l'antivirus annonce une infection dans TEMP , l'ignorer
- Attendre l'apparition du rapport
- Copier le rapport et le coller dans la réponse
* le rapport se trouve aussi à C:\lopR | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Lun 8 Déc - 23:00:32 | |
| Voila le rapport :
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Rev 1.0
USER : Ethik ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:3 Go)
D:\ (Local Disk) - NTFS - Total:68 Go (Free:48 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 08/12/2008|20:55 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[12/08/2008|02:08] C:\Users\Ethik\AppData\Local\Adobe
[05/10/2008|14:36] C:\Users\Ethik\AppData\Local\Ahead
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Application Data
[10/09/2008|13:08] C:\Users\Ethik\AppData\Local\d3d9caps.dat
[29/11/2008|13:45] C:\Users\Ethik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[21/11/2008|17:50] C:\Users\Ethik\AppData\Local\GDIPFONTCACHEV1.DAT
[27/10/2008|18:34] C:\Users\Ethik\AppData\Local\Google
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Historique
[08/12/2008|20:49] C:\Users\Ethik\AppData\Local\IconCache.db
[16/09/2008|16:35] C:\Users\Ethik\AppData\Local\Installer304
[20/08/2008|15:27] C:\Users\Ethik\AppData\Local\Installer5216
[12/09/2008|01:07] C:\Users\Ethik\AppData\Local\Microsoft
[02/11/2008|18:50] C:\Users\Ethik\AppData\Local\Microsoft Games
[01/09/2008|22:43] C:\Users\Ethik\AppData\Local\Mozilla
[08/12/2008|20:55] C:\Users\Ethik\AppData\Local\Temp
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Temporary Internet Files
[23/08/2008|23:24] C:\Users\Ethik\AppData\Local\VirtualStore
[25/09/2008|12:49] C:\Users\Ethik\AppData\Local\Xara
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[08/12/2008 20:51][--ah-----] C:\Windows\tasks\SA.DAT
[08/12/2008 20:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[12/08/2008|02:07] C:\ProgramData\Adobe
[11/08/2008|13:06] C:\ProgramData\Adobe Systems
[02/11/2006|14:02] C:\ProgramData\Application Data
[10/08/2008|22:00] C:\ProgramData\Avira
[05/11/2008|21:33] C:\ProgramData\BOONTY
[10/08/2008|12:52] C:\ProgramData\Bureau
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[18/08/2008|22:53] C:\ProgramData\EmailNotifier
[15/08/2008|20:07] C:\ProgramData\Ensurebit
[09/10/2008|16:38] C:\ProgramData\ezsidmv.dat
[10/08/2008|12:52] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[11/08/2008|01:54] C:\ProgramData\FLEXnet
[21/08/2008|23:55] C:\ProgramData\Google
[10/08/2008|14:29] C:\ProgramData\Intel
[18/08/2008|22:53] C:\ProgramData\Megaupload
[10/08/2008|12:52] C:\ProgramData\Menu D‚marrer
[15/08/2008|20:56] C:\ProgramData\Messenger Plus!
[20/08/2008|15:08] C:\ProgramData\Microsoft
[10/08/2008|12:52] C:\ProgramData\ModŠles
[05/10/2008|14:17] C:\ProgramData\Nero
[11/08/2008|15:18] C:\ProgramData\NOS
[20/08/2008|02:42] C:\ProgramData\ntuser.pol
[21/08/2008|23:24] C:\ProgramData\rkfree
[10/08/2008|14:29] C:\ProgramData\Roaming
[09/10/2008|16:35] C:\ProgramData\Skype
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/11/2006|14:02] C:\ProgramData\Templates
[18/11/2008|00:14] C:\ProgramData\uPlayMe
[10/08/2008|21:57] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[11/08/2008|15:47] C:\Program Files\Adobe
[10/08/2008|22:00] C:\Program Files\Avira
[11/08/2008|15:46] C:\Program Files\Bonjour
[10/08/2008|14:20] C:\Program Files\Broadcom
[19/08/2008|19:44] C:\Program Files\CFWebAdvancedU
[05/11/2008|21:33] C:\Program Files\Common Files
[08/10/2008|01:15] C:\Program Files\DAEMON Tools Lite
[10/08/2008|14:38] C:\Program Files\DIFX
[30/10/2008|15:23] C:\Program Files\DivX
[10/08/2008|14:39] C:\Program Files\EQI
[10/08/2008|12:52] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[09/10/2008|16:31] C:\Program Files\FrostWire
[25/09/2008|23:31] C:\Program Files\Games
[27/10/2008|18:33] C:\Program Files\Google
[25/09/2008|12:48] C:\Program Files\InstallShield Installation Information
[10/08/2008|14:48] C:\Program Files\Intel
[01/10/2008|20:04] C:\Program Files\Internet Explorer
[10/08/2008|23:13] C:\Program Files\Java
[21/11/2008|17:44] C:\Program Files\Lenovo
[08/12/2008|20:52] C:\Program Files\ManyCam 2.3
[01/09/2008|02:17] C:\Program Files\Messenger Plus! Live
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[10/08/2008|14:18] C:\Program Files\Motorola
[01/10/2008|20:04] C:\Program Files\Movie Maker
[08/12/2008|20:52] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[07/10/2008|02:00] C:\Program Files\MSXML 4.0
[05/10/2008|14:17] C:\Program Files\Nero
[05/10/2008|13:04] C:\Program Files\NeroInstall.bak
[11/08/2008|15:18] C:\Program Files\NOS
[20/11/2008|18:45] C:\Program Files\OpenOffice.org 3
[08/12/2008|16:29] C:\Program Files\ppcbooster
[13/08/2008|01:38] C:\Program Files\QuickTime
[11/08/2008|22:14] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[09/10/2008|16:35] C:\Program Files\Skype
[10/08/2008|13:00] C:\Program Files\Suyin
[10/08/2008|14:23] C:\Program Files\Synaptics
[08/12/2008|16:35] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[05/12/2008|02:02] C:\Program Files\Veoh Networks
[11/08/2008|15:22] C:\Program Files\VideoLAN
[01/10/2008|20:04] C:\Program Files\Windows Calendar
[01/10/2008|20:04] C:\Program Files\Windows Collaboration
[01/10/2008|20:04] C:\Program Files\Windows Defender
[01/10/2008|20:04] C:\Program Files\Windows Journal
[27/10/2008|03:38] C:\Program Files\Windows Live
[16/10/2008|02:09] C:\Program Files\Windows Mail
[01/10/2008|20:04] C:\Program Files\Windows Media Player
[10/08/2008|12:52] C:\Program Files\Windows NT
[01/10/2008|20:04] C:\Program Files\Windows Photo Gallery
[01/10/2008|20:04] C:\Program Files\Windows Sidebar
[11/08/2008|01:54] C:\Program Files\WinRAR
[08/10/2008|01:19] C:\Program Files\WinZip
[25/09/2008|12:47] C:\Program Files\Xara
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[11/08/2008|15:45] C:\Program Files\Common Files\Adobe
[11/08/2008|13:04] C:\Program Files\Common Files\Adobe Systems Shared
[05/11/2008|21:33] C:\Program Files\Common Files\BOONTY Shared
[10/08/2008|12:57] C:\Program Files\Common Files\InstallShield
[10/08/2008|23:12] C:\Program Files\Common Files\Java
[11/08/2008|15:34] C:\Program Files\Common Files\Macrovision Shared
[10/08/2008|22:02] C:\Program Files\Common Files\microsoft shared
[05/10/2008|14:20] C:\Program Files\Common Files\Nero
[11/08/2008|22:03] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[09/10/2008|16:35] C:\Program Files\Common Files\Skype
[10/08/2008|14:37] C:\Program Files\Common Files\snp2uvc
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[01/10/2008|20:04] C:\Program Files\Common Files\System
[10/08/2008|22:02] C:\Program Files\Common Files\WindowsLiveInstaller
[25/09/2008|12:48] C:\Program Files\Common Files\Xara
--------------------\\ Process
( 58 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Users\Ethik\AppData\Local\Temp\msgpl_8704.tmp
C:\Users\Ethik\AppData\Local\Temp\nsk796F.tmp
C:\Users\Ethik\AppData\Local\Temp\nslAD41.tmp
C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies\ethik@partypoker[1].txt
C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies\ethik@888[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 20:55:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1121
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\Ethik\AppData\Local\Temp\install\crack
C:\Users\Ethik\AppData\Local\Temp\install\MS Office 2007 Keygen.nfo
C:\Users\Ethik\AppData\Local\Temp\install\crack\crack.exe
C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\MS Office 2007 Keygen.lnk
C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\ms office keygen.lnk
[F:8082][D:524]-> C:\Users\Ethik\AppData\Local\Temp
[F:172][D:1]-> C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1192][D:5]-> C:\Users\Ethik\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 08/12/2008|20:58 - Option : [1]
--------------------\\ Fin du rapport a 20:58:24
[ UAC => 1 ] | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Lun 8 Déc - 23:03:49 | |
| Je te conseille fortement d aller supprimer ces cracks mis en gras en suivant leurs chemins : C:\Users\Ethik\AppData\Local\Temp\install\ crack C:\Users\Ethik\AppData\Local\Temp\install\ MS Office 2007 Keygen.nfo C:\Users\Ethik\AppData\Local\Temp\install\crack\crack.exe C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\ MS Office 2007 Keygen.lnk C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\ ms office keygen.lnkensuite :
- Relance Lop S&D
- Choisis cette fois-ci l'option 2 (Suppression)
- Ne ferme pas la fenêtre lors de la suppression !
- Poste le rapport généré (C:\lopR.txt)
* (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide) | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Lun 8 Déc - 23:06:11 | |
| [quote="geoffrey5"]Je te conseille fortement d aller supprimer ces cracks mis en gras en suivant leurs chemins :
C:\Users\Ethik\AppData\Local\Temp\install\crack
C:\Users\Ethik\AppData\Local\Temp\install\MS Office 2007 Keygen.nfo
C:\Users\Ethik\AppData\Local\Temp\install\crack\crack.exe
C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\MS Office 2007 Keygen.lnk
C:\Users\Ethik\AppData\Roaming\Microsoft\Windows\Recent\ms office keygen.lnk
Je ne trouve pas les dossier "AppData"
| |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Lun 8 Déc - 23:14:59 | |
| il faut que tu affiches les fichiers et dossiers cachés :
- ouvrir tes documents
- cliquer sur Organiser les dossiers
- Option des dossiers et de recherche
- onglet affichage
- cocher la case "afficher les fichiers et dossiers cachés"
- cliquer sur "appliquer à tous les dossiers"
- Répondre par "oui" à la question posée et ensuite cliquer sur OK
| |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Lun 8 Déc - 23:21:35 | |
| Voila donc le rapport Lop SD apres avoir supprimé les fichiers précédemment cités..:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Rev 1.0
USER : Ethik ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:3 Go)
D:\ (Local Disk) - NTFS - Total:68 Go (Free:48 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 08/12/2008|21:17 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Users\Ethik\AppData\Local\Temp\msgpl_8704.tmp
Supprime! - C:\Users\Ethik\AppData\Local\Temp\nsk796F.tmp
Supprime! - C:\Users\Ethik\AppData\Local\Temp\nslAD41.tmp
Supprime! - C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies\ethik@partypoker[1].txt
Supprime! - C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies\ethik@888[2].txt
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[12/08/2008|02:08] C:\Users\Ethik\AppData\Local\Adobe
[05/10/2008|14:36] C:\Users\Ethik\AppData\Local\Ahead
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Application Data
[10/09/2008|13:08] C:\Users\Ethik\AppData\Local\d3d9caps.dat
[29/11/2008|13:45] C:\Users\Ethik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[21/11/2008|17:50] C:\Users\Ethik\AppData\Local\GDIPFONTCACHEV1.DAT
[27/10/2008|18:34] C:\Users\Ethik\AppData\Local\Google
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Historique
[08/12/2008|20:49] C:\Users\Ethik\AppData\Local\IconCache.db
[16/09/2008|16:35] C:\Users\Ethik\AppData\Local\Installer304
[20/08/2008|15:27] C:\Users\Ethik\AppData\Local\Installer5216
[12/09/2008|01:07] C:\Users\Ethik\AppData\Local\Microsoft
[02/11/2008|18:50] C:\Users\Ethik\AppData\Local\Microsoft Games
[01/09/2008|22:43] C:\Users\Ethik\AppData\Local\Mozilla
[08/12/2008|21:17] C:\Users\Ethik\AppData\Local\Temp
[10/08/2008|12:55] C:\Users\Ethik\AppData\Local\Temporary Internet Files
[23/08/2008|23:24] C:\Users\Ethik\AppData\Local\VirtualStore
[25/09/2008|12:49] C:\Users\Ethik\AppData\Local\Xara
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[08/12/2008 20:51][--ah-----] C:\Windows\tasks\SA.DAT
[08/12/2008 20:50][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[12/08/2008|02:07] C:\ProgramData\Adobe
[11/08/2008|13:06] C:\ProgramData\Adobe Systems
[02/11/2006|14:02] C:\ProgramData\Application Data
[10/08/2008|22:00] C:\ProgramData\Avira
[05/11/2008|21:33] C:\ProgramData\BOONTY
[10/08/2008|12:52] C:\ProgramData\Bureau
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[18/08/2008|22:53] C:\ProgramData\EmailNotifier
[15/08/2008|20:07] C:\ProgramData\Ensurebit
[09/10/2008|16:38] C:\ProgramData\ezsidmv.dat
[10/08/2008|12:52] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[11/08/2008|01:54] C:\ProgramData\FLEXnet
[21/08/2008|23:55] C:\ProgramData\Google
[10/08/2008|14:29] C:\ProgramData\Intel
[18/08/2008|22:53] C:\ProgramData\Megaupload
[10/08/2008|12:52] C:\ProgramData\Menu D‚marrer
[15/08/2008|20:56] C:\ProgramData\Messenger Plus!
[20/08/2008|15:08] C:\ProgramData\Microsoft
[10/08/2008|12:52] C:\ProgramData\ModŠles
[05/10/2008|14:17] C:\ProgramData\Nero
[11/08/2008|15:18] C:\ProgramData\NOS
[20/08/2008|02:42] C:\ProgramData\ntuser.pol
[21/08/2008|23:24] C:\ProgramData\rkfree
[10/08/2008|14:29] C:\ProgramData\Roaming
[09/10/2008|16:35] C:\ProgramData\Skype
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/11/2006|14:02] C:\ProgramData\Templates
[18/11/2008|00:14] C:\ProgramData\uPlayMe
[10/08/2008|21:57] C:\ProgramData\WLInstaller
--------------------\\ Listing des dossiers dans C:\Program Files
[11/08/2008|15:47] C:\Program Files\Adobe
[10/08/2008|22:00] C:\Program Files\Avira
[11/08/2008|15:46] C:\Program Files\Bonjour
[10/08/2008|14:20] C:\Program Files\Broadcom
[19/08/2008|19:44] C:\Program Files\CFWebAdvancedU
[05/11/2008|21:33] C:\Program Files\Common Files
[08/10/2008|01:15] C:\Program Files\DAEMON Tools Lite
[10/08/2008|14:38] C:\Program Files\DIFX
[30/10/2008|15:23] C:\Program Files\DivX
[10/08/2008|14:39] C:\Program Files\EQI
[10/08/2008|12:52] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[09/10/2008|16:31] C:\Program Files\FrostWire
[25/09/2008|23:31] C:\Program Files\Games
[27/10/2008|18:33] C:\Program Files\Google
[25/09/2008|12:48] C:\Program Files\InstallShield Installation Information
[10/08/2008|14:48] C:\Program Files\Intel
[01/10/2008|20:04] C:\Program Files\Internet Explorer
[10/08/2008|23:13] C:\Program Files\Java
[21/11/2008|17:44] C:\Program Files\Lenovo
[08/12/2008|20:52] C:\Program Files\ManyCam 2.3
[01/09/2008|02:17] C:\Program Files\Messenger Plus! Live
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[10/08/2008|14:18] C:\Program Files\Motorola
[01/10/2008|20:04] C:\Program Files\Movie Maker
[08/12/2008|21:08] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[07/10/2008|02:00] C:\Program Files\MSXML 4.0
[05/10/2008|14:17] C:\Program Files\Nero
[05/10/2008|13:04] C:\Program Files\NeroInstall.bak
[11/08/2008|15:18] C:\Program Files\NOS
[20/11/2008|18:45] C:\Program Files\OpenOffice.org 3
[08/12/2008|16:29] C:\Program Files\ppcbooster
[13/08/2008|01:38] C:\Program Files\QuickTime
[11/08/2008|22:14] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[09/10/2008|16:35] C:\Program Files\Skype
[10/08/2008|13:00] C:\Program Files\Suyin
[10/08/2008|14:23] C:\Program Files\Synaptics
[08/12/2008|16:35] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[05/12/2008|02:02] C:\Program Files\Veoh Networks
[11/08/2008|15:22] C:\Program Files\VideoLAN
[01/10/2008|20:04] C:\Program Files\Windows Calendar
[01/10/2008|20:04] C:\Program Files\Windows Collaboration
[01/10/2008|20:04] C:\Program Files\Windows Defender
[01/10/2008|20:04] C:\Program Files\Windows Journal
[27/10/2008|03:38] C:\Program Files\Windows Live
[16/10/2008|02:09] C:\Program Files\Windows Mail
[01/10/2008|20:04] C:\Program Files\Windows Media Player
[10/08/2008|12:52] C:\Program Files\Windows NT
[01/10/2008|20:04] C:\Program Files\Windows Photo Gallery
[01/10/2008|20:04] C:\Program Files\Windows Sidebar
[11/08/2008|01:54] C:\Program Files\WinRAR
[08/10/2008|01:19] C:\Program Files\WinZip
[25/09/2008|12:47] C:\Program Files\Xara
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[11/08/2008|15:45] C:\Program Files\Common Files\Adobe
[11/08/2008|13:04] C:\Program Files\Common Files\Adobe Systems Shared
[05/11/2008|21:33] C:\Program Files\Common Files\BOONTY Shared
[10/08/2008|12:57] C:\Program Files\Common Files\InstallShield
[10/08/2008|23:12] C:\Program Files\Common Files\Java
[11/08/2008|15:34] C:\Program Files\Common Files\Macrovision Shared
[10/08/2008|22:02] C:\Program Files\Common Files\microsoft shared
[05/10/2008|14:20] C:\Program Files\Common Files\Nero
[11/08/2008|22:03] C:\Program Files\Common Files\PX Storage Engine
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[09/10/2008|16:35] C:\Program Files\Common Files\Skype
[10/08/2008|14:37] C:\Program Files\Common Files\snp2uvc
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[01/10/2008|20:04] C:\Program Files\Common Files\System
[10/08/2008|22:02] C:\Program Files\Common Files\WindowsLiveInstaller
[25/09/2008|12:48] C:\Program Files\Common Files\Xara
--------------------\\ Process
( 60 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 21:17:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 1121
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:8067][D:520]-> C:\Users\Ethik\AppData\Local\Temp
[F:170][D:1]-> C:\Users\Ethik\AppData\Roaming\MICROS~1\Windows\Cookies
[F:1198][D:5]-> C:\Users\Ethik\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 08/12/2008|20:58 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 08/12/2008|21:20 - Option : [2]
--------------------\\ Fin du rapport a 21:20:23
[ UAC => 1 ] | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Lun 8 Déc - 23:32:22 | |
| Ok... Refais un nouveau rapport hijackthis stp | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Lun 8 Déc - 23:38:40 | |
| Voila
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:57, on 08/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: globaladsolution - {73a05875-0698-1136-782a-3c0c953854bc} - C:\Windows\system32\nsk66CC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: globaladsolution browser enhancer - {7BB44F19-8650-8695-8B05-EE6A135E3297} - C:\Windows\system32\qbohykryjhbvcia.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [fgbptzebkdd] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
-- | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Lun 8 Déc - 23:43:37 | |
| ==> Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): - Va dans démarrer puis panneau de configuration - Double Clique sur l'icône "Comptes d'utilisateurs" - Clique ensuite sur désactiver et valide.
- Télécharge et enregistre le fichier d installation sur ton bureau :
https://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
- Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )
- Ouvre le dossier Ad-remover présent sur ton bureau, et double clique sur Ad-remover.bat.
- Au menu principal choisi l'option "A"
- Poste le rapport qui apparait à la fin.
( le rapport est sauvegardé aussi sous C:\Ad-report.log ) (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) Note :
Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Lun 8 Déc - 23:47:58 | |
| voila le rapport
--------- Logfile of AD-Remover 1.0.6.5 by C_XX ---------
# START at: 21:46:36 | Mon 08/12/2008 ON Microsoft® Windows Vista ™ v6.0.6001
# BOOT MODE: Normal
(!) - /!\ UAC is enable /!\
# OPTION: Scan
# EXECUTED FROM: C:\Users\Ethik\Desktop\AD-Remover.bat
# PC: PC-DE-ETHIK | USER: Ethik ( Current user is an administrator )
# DRIVE(S): C:\ D:\ E:\ F:\
# Systemdrive: C:\ (NTFS)
# Internet Explorer v7.0.6001.18000
--------- [ RUNNING PROCESSES: 55 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\TPHDEXLG.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found..
Found ! - "Boonty Games" (service)
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[05/11/2008 21:33|d--------] C:\Program Files\Common Files\BOONTY Shared
[05/11/2008 21:33|d--------] C:\ProgramData\BOONTY
[05/11/2008 21:33|d--------] C:\ProgramData\BOONTY
+-----------------------| Eorezo Elements found..
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[11/08/2008 15:18|d--------] C:\Users\Ethik\AppData\Roaming\EoRezo
+-----------------------| Everest Poker Elements found..
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found..
.
+-----------------------| Messenger Skinner Elements found..
.
+-----------------------| Sweetim Elements found..
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:40|d--------] C:\Users\Ethik\AppData\Roaming\Mozilla\Firefox\Profiles\4bcztihi.default\SweetIMToolbarData
+-----------------------| ADDED SCAN ..
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\4bcztihi.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.4 ~~~~
+----------+
FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{25D74F10-9615-11DD-B376-001C26E551FD}");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.6");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Veoh REG_SZ "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
(par d‚faut) REG_SZ
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
ManyCam REG_SZ "C:\Program Files\ManyCam 2.3\ManyCam.exe"
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
+--[HKEY_LOCAL_MACHINE\..\Run]
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
TpShocks REG_SZ C:\WINDOWS\system32\TpShocks.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
fgbptzebkdd REG_SZ C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.google.fr/
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://eo.st
+---------------------------------------------------------------------------+
- "C:\AD-report-08.12.2008.log" (8120 octets)
[ END at: 21:46:43 | 08/12/2008 ] - [ Time elapsed: 7.3 seconds ]
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 169 lines ]
+---------------------------------------------------------------------------+ | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Lun 8 Déc - 23:56:18 | |
| ok maintenant fais ceci stp : ! Déconnectes toi et fermes toutes applications en cours !
- Relances "Ad-remover" : au menu principal choisi l'option "B" .
- Coche à l'écran de sélection :
Suppression Boonty/BoontyGames
Suppression Eorezo
Suppression Sweetim
- Puis choisi "S" , le programme va travailler,
- Postes le rapport qui apparait à la fin.
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log ) ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) /!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 0:10:44 | |
| voila
*** Limited to ***
Boonty/BoontyGames
Eorezo
Sweetim
******************
# START at: 22:01:44 | Mon 08/12/2008 ON Microsoft® Windows Vista ™ v6.0.6001
# BOOT MODE: Normal
(!) - /!\ UAC is enable /!\
# OPTION: Scan
# EXECUTED FROM: C:\Users\Ethik\Desktop\AD-Remover.bat
# PC: PC-DE-ETHIK | USER: Ethik ( Current user is an administrator )
# DRIVE(S): C:\ D:\ E:\ F:\
# Systemdrive: C:\ (NTFS)
# Internet Explorer v7.0.6001.18000
--------- [ RUNNING PROCESSES: 53 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\System32\TPHDEXLG.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted..
"HKEY_CURRENT_USER\SOFTWARE\Boonty"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\Software\Boonty"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
[05/11/2008 21:33|d--------] C:\Program Files\Common Files\BOONTY Shared
[05/11/2008 21:33|d--------] C:\ProgramData\BOONTY
+-----------------------| Eorezo Elements Deleted..
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[11/08/2008 15:18|d--------] C:\Users\Ethik\AppData\Roaming\EoRezo
+-----------------------| Sweetim Elements Deleted..
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
/!\ NOT DELETED -"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[09/10/2008 17:40|d--------] C:\Users\Ethik\AppData\Roaming\Mozilla\Firefox\Profiles\4bcztihi.default\SweetIMToolbarData
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ Registry Element(s) Not Deleted /!\ *************
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
Second run ...
""HKEY_LOCAL_MACHINE\Software\Boonty"" - RESIST !
""HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"" - DELETED !
""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"" - DELETED !
""HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"" - DELETED !
""HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"" - RESIST !
""HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"" - RESIST !
""HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"" - RESIST !
""HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"" - RESIST !
""HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"" - RESIST !
""HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"" - RESIST !
""HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"" - DELETED !
""HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"" - RESIST !
+---------------------------------------------------------------------------+
+------------------------------- ADDED SCAN ..
+---------------------------------------------------------------------------+
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\4bcztihi.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.4 ~~~~
+----------+
REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{25D74F10-9615-11DD-B376-001C26E551FD}");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.6");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Veoh REG_SZ "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
(par d‚faut) REG_SZ
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
ManyCam REG_SZ "C:\Program Files\ManyCam 2.3\ManyCam.exe"
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
+--[HKEY_LOCAL_MACHINE\..\Run]
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
TpShocks REG_SZ C:\WINDOWS\system32\TpShocks.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
fgbptzebkdd REG_SZ C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-08.12.2008.log" (10119 octets)
[ END at: 22:09:11 | 08/12/2008 ] - [ Time elapsed: 7 minutes, 27 seconds ]
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 199 lines ]
+---------------------------------------------------------------------------+ | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 0:14:00 | |
| La suppression ne s est pas bien réalisée  Je pense que tu n as pas désactivé le contrôle des comptes comme je t avais demandé... Il faut aller désactiver le contrôle des comptes utilisateurs et recommencer la suppression avec l'option B | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 0:20:08 | |
| dsl, j'aivais oublié ce détail..
Voila le nouveau rapport, UAC désactivé | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 0:20:19 | |
| --------- Logfile of AD-Remover 1.0.6.5 by C_XX ---------
*** Limited to ***
Boonty/BoontyGames
Eorezo
Sweetim
******************
# START at: 22:17:02 | Mon 08/12/2008 ON Microsoft® Windows Vista ™ v6.0.6001
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Scan
# EXECUTED FROM: C:\Users\Ethik\Desktop\AD-Remover.bat
# PC: PC-DE-ETHIK | USER: Ethik ( Current user is an administrator )
# DRIVE(S): C:\ D:\ E:\ F:\
# Systemdrive: C:\ (NTFS)
# Internet Explorer v7.0.6001.18000
--------- [ RUNNING PROCESSES: 55 ] ---------
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\ntvdm.exe
C:\Windows\system32\wbem\wmiprvse.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Boonty/Boonty Games Elements Deleted..
"HKEY_LOCAL_MACHINE\Software\Boonty"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Boonty Games"
"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"
.
+-----------------------| Eorezo Elements Deleted..
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
+-----------------------| Sweetim Elements Deleted..
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+---------------------------------------------------------------------------+
+------------------------------- ADDED SCAN ..
+---------------------------------------------------------------------------+
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\4bcztihi.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.4 ~~~~
+----------+
+--[HKEY_CURRENT_USER\..\Run]
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Veoh REG_SZ "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
(par d‚faut) REG_SZ
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
ManyCam REG_SZ "C:\Program Files\ManyCam 2.3\ManyCam.exe"
VeohPlugin REG_SZ "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
+--[HKEY_LOCAL_MACHINE\..\Run]
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
TpShocks REG_SZ C:\WINDOWS\system32\TpShocks.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
fgbptzebkdd REG_SZ C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\qbohykryjhbvcia.dll"
+--[HKEY_USERS\.DEFAULT\..\Run]
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-08.12.2008.log" (6004 octets)
[ END at: 22:17:50 | 08/12/2008 ] - [ Time elapsed: 47.8 seconds ]
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 149 lines ]
+---------------------------------------------------------------------------+ | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 0:35:38 | |
| Très bien... Maintenant fais ceci stp :
- Télécharge Malwarebytes
- Tu auras un tutoriel à ta disposition pour l'installer et l'utiliser correctement.
- Fais la mise à jour du logiciel (elle se fait normalement à l'installation)
- Lance une analyse complète en cliquant sur "<gras>Exécuter un examen complet</gras>"
- Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"
- L'analyse peut durer un bon moment.....
- Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"
- Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"
- Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum
* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur "oui" à la question poséeEt ensuite refais un nouveau rapport hijackthis stp | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 2:20:41 | |
| rapport malware
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1475
Windows 6.0.6001 Service Pack 1
09/12/2008 00:14:59
mbam-log-2008-12-09 (00-14-59).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 148649
Temps écoulé: 1 hour(s), 28 minute(s), 48 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Program Files\Mozilla Firefox\components\nsglobaladsolution.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cont_globaladsolution (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73a05875-0698-1136-782a-3c0c953854bc} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73a05875-0698-1136-782a-3c0c953854bc} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7bb44f19-8650-8695-8b05-ee6a135e3297} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7bb44f19-8650-8695-8b05-ee6a135e3297} (Adware.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fgbptzebkdd (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Windows\nohh06760.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\regsvr32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\cont_globaladsolution-remove.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsglobaladsolution.dll (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\nsk66CC.dll (Adware.BHO) -> Quarantined and deleted successfully. | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 2:21:32 | |
| rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:21:04, on 09/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
--
End of file - 7535 bytes | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 2:29:11 | |
| Redémarre l'ordinateur en mode sans échec Comment redémarrer en mode sans échec ??
Et va le supprimer en suivant ce chemin : (supprime le dossier)
C:\Program Files\ppcbooster\ppcb_32.exe
ensuite refais un nouveau rapport hijackthis stp | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 2:30:43 | |
| vide ta corbeille avant de refaire le rapport hijackthis | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 2:39:26 | |
| voila
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:39:01, on 09/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ManyCam 2.3\ManyCam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
--
End of file - 7729 bytes | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 4:35:23 | |
| Est ce que tu as bien supprimé le dossier et vider ta corbeille avant de refaire un rapport hijackthis ?? | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 5:54:20 | |
| Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:53:47, on 09/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ManyCam 2.3\ManyCam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
--
End of file - 7631 bytes | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 16:55:59 | |
| Salut 
- Dans la barre des tâches, cliquer sur Démarrer puis sur Exécuter.
- Taper Msconfig puis cliquer sur OK
- Cliquer sur l'onglet "Démarrage"
- Décocher la case ppcb_32
- Et ensuite cliquer sur Appliquer ==> OK
Ensuite redémarre le PC et refais un nouveau rapport hijackthis stp | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 17:40:06 | |
| Salut ;p et merci encors pour l'aide
alor voila le nouveau hijackthis une fois la manip effectuée
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:39, on 09/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TpShocks] C:\WINDOWS\system32\TpShocks.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.3\ManyCam.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218406405825&h=80192c0155783bd3c07571c91ba83474/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
--
End of file - 7419 bytes | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 17:43:46 | |
| Très bien... Maintenant fais ceci stp :
- Télécharge RegCleaner
- Une fois installé, double-clique sur son icône pour l'exécuter
- Dans la barre de menu, clique sur Options puis sélectionne Language => Choose the language
- recherche French.rlg et double-clique dessus pour appliquer la langue
- Clique ensuite sur Outils dans la barre de menu
- Sélectionne Nettoyage du registre => Nettoyeur de registre automatique
- RegCleaner va alors lancer le nettoyage automatiquement
- Coche ensuite les entrées invalides et clique sur Supprimer sélections => Terminer => Quitter
Est-ce que tu as le logiciel Spybot ?? | |
|
| | |
Ethik
Membre
Nombre de messages : 15
Age : 38
Date d'inscription : 08/12/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 17:44:33 | |
| | |
|
| | |
geoffrey5
Admin
Nombre de messages : 1849
Age : 43
Localisation : Liège - Belgique
Système d\'exploitation * : XP IBM processeur Intel Celeron 2.4ghz 1.5GB RAM
Date d'inscription : 28/07/2008
| | Sujet: Re: A l'aide !!! virus Mar 9 Déc - 17:48:43 | |
| Ok... Après avoir fait RegCleaner :
- Télécharge Spybot Search & Destroy sur mon site web.
- Un tutoriel sera à ta disposition pour l'installer et l'utiliser correctement.
Fais une mise à jour et une analyse... Ensuite viens signaler si tu as encore des problèmes | |
|
| | |
Contenu sponsorisé
| | Sujet: Re: A l'aide !!! virus | |
| |
|
| | |
| | A l'aide !!! virus | |
|
