Posted (edited)

Hi everyone

 

AntiVir PersonalEdition Classic

Report file date: lundi 20 octobre 2008 18:40

 

Scanning for 835736 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: JG

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:30

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:52

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:48

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:22

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:16

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:56

ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04

ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:14

AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:18

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:02

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:08

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:34

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:20

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:14

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:38

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:22

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: G:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: lundi 20 octobre 2008 18:40

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned

Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned

Scan process 'ALG.EXE' - '1' Module(s) have been scanned

Scan process 'WinServSuit.exe' - '1' Module(s) have been scanned

Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned

Scan process 'qttask.exe' - '1' Module(s) have been scanned

Scan process 'WinServAd.exe' - '1' Module(s) have been scanned

Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned

Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned

Scan process 'SMSS.EXE' - '1' Module(s) have been scanned

24 processes with 24 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'G:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '22' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\kb478616586.exe

[DETECTION] Contains detection pattern of the dropper DR/LowZones.D

[iNFO] The file was deleted!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\SAHUninstall.exe

[DETECTION] Is the Trojan horse TR/SAHAgent.A.3

[iNFO] The file was deleted!

C:\WINDOWS\nem220.dll

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.BH.1

[iNFO] The file was deleted!

C:\WINDOWS\Downloaded Program Files\lsp_.dll

[DETECTION] Is the Trojan horse TR/SAHAgent.A

[iNFO] The file was deleted!

C:\WINDOWS\Downloaded Program Files\SAHAgent_.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/SAHAgent.A Backdoor server programs

[iNFO] The file was deleted!

C:\WINDOWS\Downloaded Program Files\SAHUninstall_.exe

[DETECTION] Is the Trojan horse TR/SAHAgent.A.3

[iNFO] The file was deleted!

C:\WINDOWS\Downloaded Program Files\SahHtml_.exe

[DETECTION] Is the Trojan horse TR/SAHAgent.A.2

[iNFO] The file was deleted!

C:\WINDOWS\Downloaded Program Files\WEBInstaller.dll

[DETECTION] Is the Trojan horse TR/SAHAgent.A

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\iel.exe

[DETECTION] Is the Trojan horse TR/Lowzones.D

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\x.bat

[DETECTION] Is the Trojan horse TR/StartPage.ST.1

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\install.exe

[DETECTION] Is the Trojan horse TR/Lowzones.D.21

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temp\sidefind.exe

[DETECTION] Is the Trojan horse TR/Agent.V

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temp\iinstall.exe

[DETECTION] Is the Trojan horse TR/Dldr.Agent.V

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temp\optimize.exe

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.ds

[iNFO] TR/Dldr.Dyfuca.ds:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer]:<DisplayIcon>=sz:optimize.exe

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0U78TIHD\actalert[1].exe

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.DP

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EWMLTSFF\sidefind13[1].dll

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.DLL

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EWMLTSFF\istbar_mainstream[1].dll

[DETECTION] Is the Trojan horse TR/IstBar.U

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TPMVQFLT\optimize312[1].exe

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.ds

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TPMVQFLT\0006_regular[1].cab

[0] Archive type: CAB (Microsoft)

--> istactivex.dll

[DETECTION] Is the Trojan horse TR/Click.Small.DN.2

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TPMVQFLT\ncase_new[1].exe

[DETECTION] Is the Trojan horse TR/Lowzones.B

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EFERIPEN\istsvc[1].exe

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.er1

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\EFERIPEN\nem220[1].dll

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.BH.1

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LW5QZ0D\istrecover[1].exe

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.go

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0LW5QZ0D\wsem303[1].dll

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.CN

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\6DOJIP25\sidefind[1].exe

[DETECTION] Is the Trojan horse TR/Agent.V

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\C5IRST6J\winupdate2[1].exe

[DETECTION] Is the Trojan horse TR/Click.Delf.AH.7

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\C5IRST6J\prompt[1].html

[DETECTION] Contains detection pattern of the Java script virus JS/Dldr.IstBar.J

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\C5IRST6J\optimize[1].exe

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.ds

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\KL6B0PEN\lca3[1].exe

[DETECTION] Contains detection pattern of the dropper DR/LowZones.D

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\UNGZYB69\bunSetup[1].cab

[0] Archive type: CAB (Microsoft)

--> lsp_.dll

[DETECTION] Is the Trojan horse TR/SAHAgent.A

--> SAHAgent_.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/SAHAgent.A Backdoor server programs

--> SAHUninstall_.exe

[DETECTION] Is the Trojan horse TR/SAHAgent.A.3

--> SahHtml_.exe

[DETECTION] Is the Trojan horse TR/SAHAgent.A.2

--> WEBInstaller.dll

[DETECTION] Is the Trojan horse TR/SAHAgent.A

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\MDZOHGJY\rogue[1].exe

[DETECTION] Is the Trojan horse TR/DelProx.A

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\MDZOHGJY\a173aa[1].js

[DETECTION] Contains detection pattern of the Java script virus JS/Small.AF

[iNFO] The file was deleted!

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\X3FJTXKE\installer[1].exe

[DETECTION] Contains detection pattern of the dropper DR/LowZones.D.3

[iNFO] The file was deleted!

C:\Program Files\SideFind\sidefind.dll

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.DLL

[iNFO] The file was deleted!

C:\Program Files\SideFind\update\sidefind.exe

[DETECTION] Is the Trojan horse TR/Agent.V

[iNFO] The file was deleted!

C:\Program Files\SearchRelevant\uninstall.exe

[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Genlot.E Backdoor server programs

[iNFO] The file was deleted!

C:\FOUND.000\FILE0001.CHK

[DETECTION] Contains detection pattern of the dropper DR/LowZones.D

[iNFO] The file was deleted!

C:\temp\sahagent.exe

[DETECTION] Contains detection pattern of the dropper DR/SAHAgent.A

[iNFO] The file was deleted!

Begin scan in 'D:\'

Begin scan in 'G:\'

 

 

End of the scan: lundi 20 octobre 2008 19:08

Used time: 27:30 min

 

The scan has been done completely.

 

1896 Scanning directories

126103 Files were scanned

42 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

38 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

126061 Files not concerned

1305 Archives were scanned

2 Warnings

0 Notes

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:09:57, on 20/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Windows ServeAd\WinServAd.exe

G:\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows ServeAd\WinServSuit.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

H:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)

O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [Windows Compliant] nbsutk.exe

O4 - HKLM\..\Run: [sAHAgent] C:\WINDOWS\System32\SahAgent.exe

O4 - HKLM\..\Run: [¢‰¸u0–4C

}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\heeax.exe

O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]­ú"ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\heeax.exe

O4 - HKLM\..\Run: [Jtpujkx] C:\Program Files\Mrge\Aicht.exe

O4 - HKLM\..\Run: [Weflfjcx] C:\Program Files\Nriqkr\Usdb.exe

O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe

O4 - HKLM\..\Run: [salm] c:\temp\salm.exe

O4 - HKLM\..\Run: [QuickTime Task] "G:\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\RunServices: [Windows Compliant] nbsutk.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Windows Compliant] nbsutk.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lsp.dll' missing

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/ClickYes...e/bridge-c7.cab

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B5A3D299-A92C-4F7F-967B-29B8A17304D9}: NameServer = 80.10.246.2,80.10.246.129

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

 

--

End of file - 4425 bytes

 

Because of this there is no more internet

Thanks

Edited by subaman

Posted

Good evening,

Download Toolbar-S&D to the Desktop.

  • Start the program's installation by running the downloaded file.
  • Double-click the Toolbar-S&D shortcut.
  • Select the desired language by typing the letter of your choice, then confirm with the Enter key.
  • Choose option 1 (Search).
  • Wait until the search is finished.
  • Post the generated report. (C:\TB.txt)

Relaunch Toolbar-S&D by double-clicking the shortcut. Type "2" and confirm with "Enter".

Do not close the window during the removal!

A report will be generated; post its contents here.

 

NOTE: If the Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.

Go to the "Processes" tab. At the top left, click File -> "Run..."

Type explorer and confirm.

 

# You must disable your antivirus's real-time protection, which detects some components of this software as harmful.

* To do so, right-click the icon at the bottom right, next to the clock.

Download SDFix (created by AndyManchesta) and save it to the Desktop.

Double-click SDFix.exe and choose Install to extract it.

SDFix installs itself at the root of the system partition (by default, usually C:).

 

Restart in Safe Mode

* Open the SDFix folder that was just created in C:\ and double-click RunThis.cmd to launch the script.

* Press Y to start the cleaning process.

* It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.

 

If SDFix does not start

1) Start -> Run

Copy/paste:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

click OK, and confirm.

Restart and try launching SDFix again.

2) If you get the message Cette commande a été désactivée par votre Administrateur

Appuyez sur une touche pour continuer:

Start -> Run

Copy/paste

%systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg

Confirm

Relaunch SDFix

 

* The restart will be slower than usual because the tool will keep running and deleting files.

* Once the Desktop has loaded, the tool will finish its work and display Finished.

* Press a key to end the script and load the Desktop icons.

* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.

* Post the report here.

Posted

-----------\\ ToolBar S&D 1.2.2 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Duron Processor )

BIOS : Version 1.00

USER : CAROLINE ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 7.0.0.2

(Activated)

A:\ (USB)

C:\ (Local Disk) - FAT32 - Total : 3 Go Free : 0 Go

D:\ (Local Disk) - FAT32 - Total : 15 Go Free : 5 Go

E:\ (CD or DVD)

F:\ (CD or DVD)

G:\ (Local Disk) - NTFS - Total : 27 Go Free : 25 Go

H:\ (USB) - FAT - Total : 244 Mo Free : 0 Go

 

"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )

Option : [1] ( 20/10/2008|20:02 )

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\Program Files\SideFind

C:\Program Files\SideFind\update

C:\Program Files\SideFind\sfbho.dll

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.orange.fr/"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 20/10/2008|20:03 - Option : [1]

 

-----------\\ Fin du rapport a 20:03:48,18

 

 

 

 

------------------------------------------------------------------------------------------------------------------------

 

 

-----------\\ ToolBar S&D 1.2.2 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Duron Processor )

BIOS : Version 1.00

USER : CAROLINE ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 7.0.0.2

(Activated)

A:\ (USB)

C:\ (Local Disk) - FAT32 - Total : 3 Go Free : 0 Go

D:\ (Local Disk) - FAT32 - Total : 15 Go Free : 5 Go

E:\ (CD or DVD)

F:\ (CD or DVD)

G:\ (Local Disk) - NTFS - Total : 27 Go Free : 25 Go

H:\ (USB) - FAT - Total : 244 Mo Free : 0 Go

 

"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )

Option : [2] ( 20/10/2008|20:05 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\Program Files\SideFind\update

Echec ! - C:\Program Files\SideFind\sfbho.dll

Echec ! - C:\Program Files\SideFind

 

-----------\\ DEUXIEME PASSAGE

 

Echec ! - C:\Program Files\SideFind\sfbho.dll

Echec ! - C:\Program Files\SideFind

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\Program Files\SideFind

C:\Program Files\SideFind\sfbho.dll

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.orange.fr/"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Recherche d'autres infections

 

 

Aucune autre infection trouvée !

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 20/10/2008|20:03 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 20/10/2008|20:07 - Option : [2]

----------------------------------------------------------------------------------------------------------------

 

 

SDFix: Version 1.236

Run by CAROLINE on 20/10/2008 at 20:14

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

AUTOEXEC.NT Restored from backups

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\WINDOWS\SYSTEM32\FTPUPD.EXE - Deleted

C:\WINDOWS\system32\TFTP2016 - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-20 20:17:12

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden services ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\WINDOWS\\System32\\nbsutk.exe"="C:\\WINDOWS\\System32\\nbsutk.exe:*:Enabled:nbsutk"

"G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Thu 19 Aug 2004 1,667,584 ...H. --- "C:\Program Files\Messenger\msmsgs.exe"

Thu 19 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"

Fri 13 Aug 2004 94,208 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\RmvSuite.exe"

Fri 13 Aug 2004 1,953,792 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\launcher.exe"

Fri 13 Aug 2004 53,760 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\mnyinsta.dll"

Mon 16 Aug 2004 35,328 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\setuplng.dll"

Fri 13 Aug 2004 20,480 ...HR --- "C:\Program Files\Microsoft Works Suite 2005\Setup\unregwtr.exe"

Thu 20 Dec 2001 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off2.tmp"

 

Finished!

 

 

 

I still don't have internet

PS: Thanks for helping me

Posted

========== PROCESSES ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

C:\Program Files\SideFind moved successfully.

========== COMMANDS ==========

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10202008_204011

 

Files moved on Reboot...

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

 

 
