OLsteve

Members
  • Content count

    6
  • Joined

  • Last visited

Everything posted by OLsteve

  1. Re, sorry for not replying sooner; I had to update a few things with my Kaspersky. The computer has been behaving normally, it detects nothing abnormal, and it no longer seems to be infected. Thanks a lot for your help, Mala Malekal
  2. Re. I tried the scan with Panda but it doesn't work: it downloads the ActiveX controls, installs them as it goes, updates its definitions from the site, but when the scan is about to start the page doesn't display. As for the rest, the clean report gave me this:

     Script clean par Malekal_morte - http://www.malekal.com
     *** SUPPRESSION DES FICHIERS ***
     Suppressions de trojans/vers sur...
     *** Suppressions des adware connus...

     When the black screen appeared it asked me O/N?, telling me that *tmp (something like that) did not exist; I answered yes to continue, and the same for the other *. That's the result; I don't know whether it's normal or not.
  3. OK, F-Secure worked. I'm not sure this is what you wanted as a report:

     08/07/06 18:16:19 [info]: BlackLight Engine 1.0.42 initialized
     08/07/06 18:16:19 [info]: OS: 5.1 build 2600 ()
     08/07/06 18:16:19 [Note]: 7019 4
     08/07/06 18:16:19 [Note]: 7005 0
     08/07/06 18:16:22 [Note]: 7006 0
     08/07/06 18:16:22 [Note]: 7011 1836
     08/07/06 18:16:22 [Note]: 7026 0
     08/07/06 18:16:22 [Note]: 7026 0
     08/07/06 18:16:36 [Note]: FSRAW library version 1.7.1019
     08/07/06 18:19:11 [Note]: 2000 1006
     08/07/06 18:19:11 [Note]: 2000 1006
     08/07/06 18:21:21 [Note]: 7007 0

     But F-Secure didn't detect anything.
  4. Re. The Kaspersky online scan didn't work because, when updating the virus databases, it tells me: the Kaspersky On-line Scanner licence has expired. Everything else worked fine; here are the various reports:

     Look2Me-Destroyer V1.0.12
     Scanning for infected files.....
     Scan started at 07/08/2006 16:55:03
     Infected! C:\windows\system32\dn4u01h9e.dll
     Infected! C:\WINDOWS\system32\fp8o03l3e.dll
     Infected! C:\WINDOWS\system32\r46ulej91ho.dll
     Infected! C:\WINDOWS\system32\rksutils.dll
     Infected! C:\windows\System32\guard.tmp
     Attempting to delete infected files...
     Attempting to delete: C:\windows\system32\dn4u01h9e.dll
     C:\windows\system32\dn4u01h9e.dll could not be deleted!
     Attempting to delete: C:\WINDOWS\system32\fp8o03l3e.dll
     C:\WINDOWS\system32\fp8o03l3e.dll could not be deleted!
     Attempting to delete: C:\WINDOWS\system32\r46ulej91ho.dll
     C:\WINDOWS\system32\r46ulej91ho.dll could not be deleted!
     Attempting to delete: C:\WINDOWS\system32\rksutils.dll
     C:\WINDOWS\system32\rksutils.dll could not be deleted!
     Attempting to delete: C:\windows\System32\guard.tmp
     C:\windows\System32\guard.tmp could not be deleted!
     Making registry repairs.
     Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Applets
     Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{30FA0307-E2F7-429D-B0D5-79534B267CCB}"
     HKCR\Clsid\{30FA0307-E2F7-429D-B0D5-79534B267CCB}
     Restoring Windows certificates.
     Replaced hosts file with default windows hosts file
     Restoring SeDebugPrivilege for Administrateurs - Succeeded

     ---------------------------------------------------------
     ewido anti-spyware - Scan Report
     ---------------------------------------------------------
     + Created at: 17:43:08 07/08/2006
     + Scan result:
     C:\WINDOWS\system32\dn4u01h9e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\s4880eluehq80.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
     HKLM\SOFTWARE\PSGuard.com -> Adware.PSGuard : Error during cleaning.
     HKLM\SOFTWARE\PSGuard.com\PSGuard -> Adware.PSGuard : Error during cleaning.
     HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard -> Adware.PSGuard : Error during cleaning.
     HKLM\SOFTWARE\PSGuard.com\PSGuard\P.S.Guard\License -> Adware.PSGuard : Cleaned with backup (quarantined).
     HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
     HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
     HKU\S-1-5-21-606747145-308236825-682003330-1004\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
     HKU\S-1-5-21-606747145-308236825-682003330-1004\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
     C:\Program Files\Fichiers communs\wwku\wwkud\wwkuc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
     C:\Program Files\Fichiers communs\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : Cleaned with backup (quarantined).
     C:\WINDOWS\eg_auth_1047.dll -> Dialer.EGroup.s : Cleaned with backup (quarantined).
     C:\Documents and Settings\Fabrice_2\Local Settings\Temp\ICD1.tmp\EGDACCESS_1071.dll -> Dialer.InstantAccess.f : Cleaned with backup (quarantined).
     C:\Documents and Settings\Fabrice_2\Local Settings\Temp\ICD2.tmp\EGDACCESS_1071.dll -> Dialer.InstantAccess.f : Cleaned with backup (quarantined).
     C:\Documents and Settings\Fabrice_2\Local Settings\Temp\ICD3.tmp\EGDACCESS_1071.dll -> Dialer.InstantAccess.f : Cleaned with backup (quarantined).
     C:\WINDOWS\system32\mtxbde40.dll -> Downloader.Small.cgu : Cleaned with backup (quarantined).
     C:\Program Files\Fichiers communs\wwku\wwkua.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
     C:\Program Files\Fichiers communs\wwku\wwkul.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
     ::Report end

     Script clean par Malekal_morte - http://www.malekal.com
     *** SUPPRESSION DES FICHIERS ***
     Suppressions de trojans/vers sur...
     C:\windows\keyboard*.dat FOUND
     C:\windows\newname.dat FOUND
     C:\windows\unvise32qt.exe FOUND
     C:\windows\system32\dmcpl.exe FOUND
     C:\windows\system32\SpoonUninstall.exe FOUND
     *** Suppressions des adware connus...
     C:\windows\p2esocks_10??.dll FOUND
     "C:\windows\Downloaded Program Files\UERSV_*_N*NetInstaller.exe" FOUND

     There, I think a good part has already been cleaned. Thanks for your reply.
  5. First of all, thanks for your quick reply. But I'm afraid these infections are more serious, because after downloading F-Secure, when I double-click on blbeta.exe this error message appears:
  6. Hello, After running Ad-aware, it detects malware.psguard and adware.look2me but cannot remove them. So I carried out the "pre-cleaning of an infected PC"; here is my Hijackthis report:

     I also used Look2me-Destroyer, and here is the .txt I got:

     Look2Me-Destroyer V1.0.12
     Scanning for infected files.....
     Scan started at 07/08/2006 14:49:02
     Infected! C:\System Volume Information\_restore{79513A8F-4138-48C8-AA68-12239D91771D}\RP1\A0000002.dll
     Infected! C:\windows\System32\guard.tmp
     Attempting to delete infected files...
     Attempting to delete: C:\System Volume Information\_restore{79513A8F-4138-48C8-AA68-12239D91771D}\RP1\A0000002.dll
     C:\System Volume Information\_restore{79513A8F-4138-48C8-AA68-12239D91771D}\RP1\A0000002.dll Deleted successfully!
     Attempting to delete: C:\windows\System32\guard.tmp
     C:\windows\System32\guard.tmp Deleted successfully!
     Making registry repairs.
     Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{21E1E961-29E2-4DC1-9656-DCD59FEAC84D}"
     HKCR\Clsid\{21E1E961-29E2-4DC1-9656-DCD59FEAC84D}
     Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C13ED0D5-1332-4884-9189-07643CA5126D}"
     HKCR\Clsid\{C13ED0D5-1332-4884-9189-07643CA5126D}
     Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{235C684A-58B6-4C81-9BFB-816BEB258872}"
     HKCR\Clsid\{235C684A-58B6-4C81-9BFB-816BEB258872}
     Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5C603135-F93E-48D4-B6C8-61FE44FB1052}"
     HKCR\Clsid\{5C603135-F93E-48D4-B6C8-61FE44FB1052}
     Restoring Windows certificates.
     Replaced hosts file with default windows hosts file
     Restoring SeDebugPrivilege for Administrateurs - Succeeded

     There, thanks in advance for your help, because I think my PC needs a little cleaning