Aller au contenu

nico72

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    3

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par nico72

  1. nico72
    Quelqu'un peut continuer à m'aider Merci
  2. nico72
    Bonjours, Merci Pear pour ton aide, Voici le rapport de SDFix SDFix: Version 1.116 Run by LEPROUX on 03/03/2009 at 21:39 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: No Trojan Files Found Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL" "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA" "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade" "C:\\Program Files\\Cyanide\\Cycling Manager 4\\Cym2004.exe"="C:\\Program Files\\Cyanide\\Cycling Manager 4\\Cym2004.exe:*:Enabled:CyclingManager" "C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0" "C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter" "X:\\Program Files\\Microsoft Games\\Age of Empires II\\AGE2_X1\\AGE2_X1.ICD"="X:\\Program Files\\Microsoft Games\\Age of Empires II\\AGE2_X1\\AGE2_X1.ICD:*:Enabled:AGE2_X1.ICD" "C:\\Program Files\\Player Metaboli\\GPlayer.exe"="C:\\Program Files\\Player Metaboli\\GPlayer.exe:*:Enabled:Player Metaboli" "X:\\Program files\\Codemasters\\Worms 4 Mayhem\\Worms 4 Mayhem.exe"="X:\\Program files\\Codemasters\\Worms 4 Mayhem\\Worms 4 Mayhem.exe:*:Enabled:Worms 4 Mayhem.exe" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Documents and Settings\\LEPROUX\\Mes documents\\OFFICE One Zip\\eMule_PRO_Ultra3_0.48a_new\\emule.exe"="C:\\Documents and Settings\\LEPROUX\\Mes documents\\OFFICE One Zip\\eMule_PRO_Ultra3_0.48a_new\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- Files with Hidden Attributes: Fri 27 Oct 2006 208 ..SH. --- "C:\BOOT.BAK" Fri 27 Feb 2009 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak" Fri 27 Feb 2009 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak" Fri 5 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Mon 18 Dec 2006 7,089,284 A..H. --- "C:\Documents and Settings\FOURMOND\Local Settings\Temp\dn22E.tmp" Mon 22 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\BIT3.tmp" Mon 22 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp" Tue 31 May 2005 106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll" Finished! Ensuite le rapport de la "Recherche" de SmitfraudFix SmitFraudFix v2.398 Rapport fait à 15:08:13,60, 04/03/2009 Executé à partir de C:\Documents and Settings\LEPROUX\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\MioNet\MioNetManager.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\MioNet\jvm\bin\MioNet.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SiteAdvisor\6172\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\SiteAdvisor\6172\SiteAdv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe C:\Program Files\Mozilla Firefox\firefox.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\Documents and Settings\LEPROUX\Bureau\SmitfraudFix\Policies.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\ieupdates.exe PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LEPROUX »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LEPROUX\LOCALS~1\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LEPROUX\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer C:\DOCUME~1\LEPROUX\MENUDM~1\PROGRA~1\MovieCommander PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LEPROUX\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\MovieCommander\ PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=dword:00000001 "AppInit_DLLs"="yohmsk.dll pguycc.dll jurbtf.dll" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="lsass.exe" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté ! Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets DNS Server Search Order: 85.255.116.55 DNS Server Search Order: 85.255.112.136 HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9657A14-C46E-4136-994A-1D10D6843493}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS1\Services\Tcpip\..\{E9657A14-C46E-4136-994A-1D10D6843493}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS2\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS2\Services\Tcpip\..\{E9657A14-C46E-4136-994A-1D10D6843493}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer= HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer= HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer= »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Ensuite le rapport du "Nettoyage" de SmitfraudFix SmitFraudFix v2.398 Rapport fait à 15:15:52,29, 04/03/2009 Executé à partir de C:\Documents and Settings\LEPROUX\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\ieupdates.exe supprimé C:\DOCUME~1\LEPROUX\MENUDM~1\PROGRA~1\MovieCommander supprimé C:\Program Files\MovieCommander\ supprimé »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix Agent.OMZ.Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9657A14-C46E-4136-994A-1D10D6843493}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS1\Services\Tcpip\..\{E9657A14-C46E-4136-994A-1D10D6843493}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS2\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: NameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CS2\Services\Tcpip\..\{E9657A14-C46E-4136-994A-1D10D6843493}: DhcpNameServer=85.255.116.55,85.255.112.136 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer= HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer= HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer= »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="lsass.exe" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Par contre pour Malwarebytes' Anti-Malware, je l'ai bien installé mais je n'arrive pas à l'exécuter donc je suis coincé pour l'analyse de celui-ci. Je suis aussi obligé d'aller chercher les log. autrement que par tes liens parce que quand je clique dessus firefox m'ouvre une page "La connexion a échoué Firefox ne peut établir de connexion avec le serveur à l'adresse ........".
  3. nico72
    slt à tous Voilà mon pc doit etre comtaminé par un ou plusieurs virus. J'ai plusieurs problèmes,le premier est l'ouverture de ma session qui se bloque de temps en temps et le pc est planté,le second est que j'ai des ouvertures de pages internet intempestives et le dernier qui est que je n'arrive plus à mettre à jour mon antivirus(mc afee) dont la license est toujours valable et qui me dis que je n'ai plus de connection internet. Ma configuration est une version de Windows XP Édition Media Center,mon antivirus est donc mc afee total protection 2009,j'ai effectué des analyses et des nettoyages avec mc afee, ad-aware et ccleaner sans que mes problèmes soit résolus. N'étant pas un expert dans la matière c'est pour cela que je vous demande votre aide. Voici mon log HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:14:00, on 01/03/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\WINDOWS\VM_STI.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\SiteAdvisor\6172\SiteAdv.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SiteAdvisor\6172\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\LEPROUX\Bureau\HJTInstall.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll O2 - BHO: (no name) - {77AB5974-55A3-4737-9FD5-B93C64307F78} - C:\WINDOWS\system32\vndogomm.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {D4435765-9DCA-4296-9574-C7B4F6B2F4CC} - C:\WINDOWS\system32\cbXPjIyx.dll (file missing) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll (file missing) O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file) O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam O4 - HKLM\..\Run: [bOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKLM\..\Run: [f87b58dd] rundll32.exe "C:\WINDOWS\system32\cyixhrop.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [25405807588938294777429292003797] C:\Program Files\A360\av360.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: TrayMin210.exe.lnk = ? O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: NameServer = 85.255.116.55,85.255.112.136 O17 - HKLM\System\CCS\Services\Tcpip\..\{DBDDDD24-11C7-49B4-BDDE-5BC97B215FA5}: NameServer = 85.255.116.55,85.255.112.136 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = O17 - HKLM\System\CS1\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: NameServer = 85.255.116.55,85.255.112.136 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = O17 - HKLM\System\CS2\Services\Tcpip\..\{A7FC76EA-B1F6-48C0-891F-7B265D4B2FA1}: NameServer = 85.255.116.55,85.255.112.136 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = O20 - AppInit_DLLs: yohmsk.dll pguycc.dll jurbtf.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Cycling Manager 2007 Drivers Auto Removal (pr2akt6c) (pr2akt6c) - Cyanide - C:\WINDOWS\system32\pr2akt6c.exe O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe -- End of file - 9558 bytes Merci d'avance
×
×
  • Créer...