Sujet Précédent Sujet Suivant

Virus écran bleu et redémarrage

Résolu/Fermé
osiris123 Messages postés 30 Date d'inscription vendredi 21 décembre 2007 Statut Membre Dernière intervention 14 septembre 2008 - 24 juil. 2008 à 20:38
osiris123 Messages postés 30 Date d'inscription vendredi 21 décembre 2007 Statut Membre Dernière intervention 14 septembre 2008 - 25 juil. 2008 à 23:45
Bonjour à tous,

J'ai actuellement un gros problème avec mon ordinateur.
J'ai fais une belle connerie, je l'avoue, et j'ai choppé un virus. Je ne m'y connais pas beaucoup en matière de virus mais je sais que c'est pas une blague.
Mon arrière-plan de bureau est devenu bleu et il est écrit : "Warning spyware detected on your computer! install an antivirus or spyware remover to clean the computer" et à chaque fois que j'ouvre mon ordinateur, il redémarre immédiatement (même pas 2 seconde que je viens de l'ouvrir) et un écran bleu s'affiche avec plein d'information que je ne comprend pas et boum ! plus rien, je suis donc obligé d'être en mode sans échec pour travailler.
De plus, j'ai fais un scan avec mcafee qui a trouvé un virus et l'a éliminé mais ça n'a rien changé. J'espère pouvoir trouver de l'aide car je suis désespéré.

Merci
A voir également:

10 réponses

Réponse 1 / 10
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
24 juil. 2008 à 20:47
slt,


scan avec
MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

_______________

colle un rapport hijackthis


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0
Réponse 2 / 10
osiris123 Messages postés 30 Date d'inscription vendredi 21 décembre 2007 Statut Membre Dernière intervention 14 septembre 2008
24 juil. 2008 à 21:20
Salut jlpjlp,

Merci pour ton aide rapide.

Rapport MalwareByte's Anti-Malware :
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 987
Windows 6.0.6001 Service Pack 1

15:18:25 2008-07-24
mbam-log-7-24-2008 (15-18-25).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 150785
Temps écoulé: 12 minute(s), 33 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcrcjj0eaec (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcrcjj0eaec (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\hnscx.exe (Backdoor.Rustock) -> Quarantined and deleted successfully.
C:\srdyxdh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\iiFwWQHX.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\yAtqNhhi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Users\Emmanuel123\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Maintenant Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:37, on 2008-07-24
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: IE AdBlock - {46B37057-5BA8-4014-B28D-6448FD171A3E} - C:\Program Files\IE AdBlock\IE AdBlock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: IE AdBlock - {BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} - C:\Program Files\IE AdBlock\IE AdBlock.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [GreatLog] "C:\ProgramData\chingramgram.5fpvt"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Glue Noun Keep.54ri5y"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winemv32.rom,dQMRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O23 - Service: McAfee Application Installer Cleanup (0271901216895312) (0271901216895312mcinstcleanup) - Unknown owner - C:\Windows\TEMP\027190~1.EXE (file missing)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
0
Réponse 3 / 10
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
24 juil. 2008 à 22:30
tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)
0
Réponse 4 / 10
osiris123 Messages postés 30 Date d'inscription vendredi 21 décembre 2007 Statut Membre Dernière intervention 14 septembre 2008
24 juil. 2008 à 22:41
Je vais faire ce que tu me dis mais je tiens à dire que j'ai régler mon probleme grave à plusieurs antivirus et car j'ai restauré mon systeme avant que le probleme ne survienne. Je vais aussi poster un autre rapport hijackthis pour vérifier que tout est correct.

hijackthis : Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:00, on 2008-07-24
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\explorer.exe
C:\Windows\System32\wsqmcons.exe
C:\Users\Emmanuel123\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: IE AdBlock - {46B37057-5BA8-4014-B28D-6448FD171A3E} - C:\Program Files\IE AdBlock\IE AdBlock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: IE AdBlock - {BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} - C:\Program Files\IE AdBlock\IE AdBlock.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [GreatLog] "C:\ProgramData\chingramgram.5fpvt"
O4 - HKCU\..\Run: [ANTI LITE TITLE DEBUG] "C:\ProgramData\Glue Noun Keep.54ri5y"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 10
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
24 juil. 2008 à 22:57
il en reste!

refais malwarebyte et colle le rapport comme tu as réstauré

___________

analyse ce fichier sur virus total et si infécté tu le vires: https://www.virustotal.com/gui/

C:\Windows\System32\wsqmcons.exe

____________


tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan

puis

* Choisis cette fois ci l'Option 2 (Suppression)
* Ne ferme pas la fenêtre lors de la suppression !
* Poste le rapport généré (C:\lopR.txt)
_____________

recolle un nouvau rapport hijackthis et dis tes problemes actuels
0
Réponse 6 / 10
osiris123 Messages postés 30 Date d'inscription vendredi 21 décembre 2007 Statut Membre Dernière intervention 14 septembre 2008
24 juil. 2008 à 23:28
re,

Malwarebyte :
Malwarebytes' Anti-Malware 1.23
Version de la base de données: 987
Windows 6.0.6001 Service Pack 1

17:14:04 2008-07-24
mbam-log-7-24-2008 (17-14-04).txt

Type de recherche: Examen rapide
Eléments examinés: 37545
Temps écoulé: 3 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


lop S&D :

--------------------\\ Lop S&D 4.2.2-3 XP/Vista

[ Windows VISTA (NT 6.0) Workstation Build 6001, Service Pack 1 ]
[ USER : Emmanuel123 ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 2008-07-24 | 17:24:36,43 ] [ PC : PC-DE-EMMANUEL ]
[ MAJ : 22-07-2008 | 17:35 ]
[ UAC => 0 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - C:\ProgramData\Okay meta anti lite\rdr two.exe
Supprime! - C:\ProgramData\chingramgram.5fpvt
Supprime! - C:\ProgramData\Glue Noun Keep.54ri5y
Supprime! - C:\ProgramData\chingramgram.8oxtlen
Supprime! - C:\Users\EMMANU~1\AppData\Local\Temp\bis4CE9.exe
Supprime! - C:\ProgramData\Okay meta anti lite
RestaurÚ! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans

[2008-07-20|18:59] C:\Users\EMMANU~1\AppData\Local\Acer Arcade Live
[2008-07-20|18:08] C:\Users\EMMANU~1\AppData\Local\Adobe
[2008-07-21|16:10] C:\Users\EMMANU~1\AppData\Local\Apple
[2008-07-22|12:14] C:\Users\EMMANU~1\AppData\Local\Apple Computer
[2008-07-20|17:29] C:\Users\EMMANU~1\AppData\Local\Application Data
[2008-07-24|15:55] C:\Users\EMMANU~1\AppData\Local\d3d9caps.dat
[2008-07-21|10:27] C:\Users\EMMANU~1\AppData\Local\GDIPFONTCACHEV1.DAT
[2008-07-20|17:29] C:\Users\EMMANU~1\AppData\Local\Historique
[2008-07-24|17:23] C:\Users\EMMANU~1\AppData\Local\IconCache.db
[2008-07-21|10:29] C:\Users\EMMANU~1\AppData\Local\Microsoft
[2008-07-20|17:46] C:\Users\EMMANU~1\AppData\Local\Mozilla
[2008-07-20|17:30] C:\Users\EMMANU~1\AppData\Local\PowerCinema
[2008-07-24|17:24] C:\Users\EMMANU~1\AppData\Local\Temp
[2008-07-20|17:29] C:\Users\EMMANU~1\AppData\Local\Temporary Internet Files
[2008-07-23|16:08] C:\Users\EMMANU~1\AppData\Local\The Witcher
[2008-07-24|13:20] C:\Users\EMMANU~1\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[2008-03-21 07:54][--a------] C:\Windows\tasks\McDefragTask.job
[2008-03-21 07:54][--a------] C:\Windows\tasks\McQcTask.job
[2008-07-24 17:24][--ah-----] C:\Windows\tasks\SA.DAT
[2008-07-24 17:23][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[2008-03-21|07:18] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2008-03-21|07:35] C:\ProgramData\Acer GameZone Console
[2008-03-21|07:58] C:\ProgramData\Adobe
[2008-07-21|16:10] C:\ProgramData\Apple
[2008-07-21|16:12] C:\ProgramData\Apple Computer
[2006-11-02|09:02] C:\ProgramData\Application Data
[2008-07-20|17:25] C:\ProgramData\Bureau
[2008-07-23|16:01] C:\ProgramData\Codemasters
[2008-07-21|09:42] C:\ProgramData\Corel
[2008-07-20|18:59] C:\ProgramData\CyberLink
[2006-11-02|09:02] C:\ProgramData\Desktop
[2006-11-02|09:02] C:\ProgramData\Documents
[2008-03-21|07:47] C:\ProgramData\eSobi
[2008-07-20|17:25] C:\ProgramData\Favoris
[2006-11-02|09:02] C:\ProgramData\Favorites
[2008-03-21|07:36] C:\ProgramData\FloodLightGames
[2008-07-21|09:41] C:\ProgramData\Lightning
[2008-07-24|15:04] C:\ProgramData\Malwarebytes
[2008-03-21|07:53] C:\ProgramData\McAfee
[2008-07-24|16:36] C:\ProgramData\Media Center Programs
[2008-07-20|17:25] C:\ProgramData\Menu D‚marrer
[2008-07-20|17:22] C:\ProgramData\Microsoft
[2008-07-20|20:14] C:\ProgramData\Microsoft Help
[2008-07-20|17:25] C:\ProgramData\ModŠles
[2008-07-22|12:14] C:\ProgramData\NVIDIA
[2008-03-21|07:52] C:\ProgramData\SiteAdvisor
[2006-11-02|09:02] C:\ProgramData\Start Menu
[2008-07-20|22:31] C:\ProgramData\TEMP
[2006-11-02|09:02] C:\ProgramData\Templates
[2008-07-20|19:49] C:\ProgramData\traydead
[2008-07-20|17:51] C:\ProgramData\WLInstaller
[2008-07-20|19:50] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[2008-03-21|07:47] C:\Program Files\Acer Arcade Live
[2008-07-20|17:30] C:\Program Files\Acer Assist
[2008-03-21|07:46] C:\Program Files\Acer GameZone
[2008-07-20|17:36] C:\Program Files\Acer Inc
[2008-07-20|17:30] C:\Program Files\Acer Registration
[2008-03-21|07:18] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2008-07-20|18:10] C:\Program Files\Adobe
[2008-07-21|16:10] C:\Program Files\Apple Software Update
[2008-07-20|17:32] C:\Program Files\ATI
[2008-07-21|16:11] C:\Program Files\Bonjour
[2008-07-23|13:26] C:\Program Files\Codemasters
[2008-07-24|14:17] C:\Program Files\Common Files
[2008-03-21|07:33] C:\Program Files\CyberLink
[2008-07-23|12:48] C:\Program Files\DAEMON Tools Lite
[2008-07-23|12:48] C:\Program Files\DAEMON Tools Toolbar
[2008-01-20|22:43] C:\Program Files\desktop.ini
[2008-07-24|16:28] C:\Program Files\Electronic Arts
[2008-03-21|07:47] C:\Program Files\eSobi
[2008-07-20|17:25] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[2008-07-24|16:08] C:\Program Files\Gothic III
[2008-07-21|09:28] C:\Program Files\IE AdBlock
[2008-07-22|14:10] C:\Program Files\InfraRecorder
[2008-07-23|16:23] C:\Program Files\InstallShield Installation Information
[2008-07-24|16:38] C:\Program Files\Internet Explorer
[2008-07-21|16:12] C:\Program Files\iPod
[2008-07-21|16:12] C:\Program Files\iTunes
[2008-07-20|19:42] C:\Program Files\Java
[2008-07-21|13:36] C:\Program Files\LimeWire
[2008-07-24|17:09] C:\Program Files\Malwarebytes' Anti-Malware
[2008-07-24|06:28] C:\Program Files\McAfee
[2008-03-21|07:51] C:\Program Files\McAfee.com
[2006-11-02|08:37] C:\Program Files\Microsoft Games
[2008-03-21|07:17] C:\Program Files\Microsoft Office
[2008-03-21|07:17] C:\Program Files\Microsoft Works
[2008-03-21|07:15] C:\Program Files\Microsoft.NET
[2008-01-20|22:35] C:\Program Files\Movie Maker
[2008-07-24|16:08] C:\Program Files\Mozilla Firefox
[2006-11-02|08:37] C:\Program Files\MSBuild
[2008-07-20|17:38] C:\Program Files\MSXML 4.0
[2008-03-21|07:22] C:\Program Files\NewTech Infosystems
[2008-07-23|13:42] C:\Program Files\OpenAL
[2008-07-20|19:56] C:\Program Files\PowerISO
[2008-07-21|16:11] C:\Program Files\QuickTime
[2008-03-21|07:11] C:\Program Files\Realtek
[2006-11-02|08:37] C:\Program Files\Reference Assemblies
[2008-07-20|17:45] C:\Program Files\SiteAdvisor
[2008-07-20|19:42] C:\Program Files\Sun
[2008-07-21|09:44] C:\Program Files\SystemRequirementsLab
[2008-07-23|13:06] C:\Program Files\The Witcher
[2008-07-24|15:07] C:\Program Files\Trend Micro
[2006-11-02|09:01] C:\Program Files\Uninstall Information
[2008-07-20|17:54] C:\Program Files\uTorrent
[2008-01-20|22:35] C:\Program Files\Windows Calendar
[2008-01-20|22:35] C:\Program Files\Windows Collaboration
[2008-01-20|22:35] C:\Program Files\Windows Defender
[2008-01-20|22:35] C:\Program Files\Windows Journal
[2008-07-20|17:54] C:\Program Files\Windows Live
[2008-07-20|17:42] C:\Program Files\Windows Mail
[2008-01-20|22:35] C:\Program Files\Windows Media Player
[2008-07-20|17:25] C:\Program Files\Windows NT
[2008-01-20|22:35] C:\Program Files\Windows Photo Gallery
[2008-01-20|22:35] C:\Program Files\Windows Sidebar
[2008-07-20|17:49] C:\Program Files\WinRAR
[2008-07-21|09:42] C:\Program Files\WordPerfect Lightning
[2008-03-21|07:48] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[2008-07-20|18:10] C:\Program Files\Common Files\Adobe
[2008-07-21|16:10] C:\Program Files\Common Files\Apple
[2008-07-21|09:42] C:\Program Files\Common Files\Corel
[2008-03-21|07:16] C:\Program Files\Common Files\DESIGNER
[2008-03-21|07:32] C:\Program Files\Common Files\InstallShield
[2008-07-20|19:41] C:\Program Files\Common Files\Java
[2008-03-21|07:21] C:\Program Files\Common Files\LightScribe
[2008-03-21|07:52] C:\Program Files\Common Files\McAfee
[2008-07-23|13:06] C:\Program Files\Common Files\microsoft shared
[2008-03-21|07:21] C:\Program Files\Common Files\muvee Technologies
[2008-03-21|07:22] C:\Program Files\Common Files\NewTech Infosystems
[2008-03-21|07:36] C:\Program Files\Common Files\Oberon Media
[2006-11-02|07:18] C:\Program Files\Common Files\Services
[2006-11-02|07:18] C:\Program Files\Common Files\SpeechEngines
[2008-01-20|22:35] C:\Program Files\Common Files\System
[2008-07-20|17:54] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 72 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 17:25:07
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

=> C:\Users\EMMANU~1\AppData\Roaming\Microsoft\Windows\Recent\Crysis keygen.lnk
=> C:\Users\EMMANU~1\AppData\Roaming\Microsoft\Windows\Recent\Crysis_Serial___NO_FAKE___WORKS_FINE__[www.torrentlocomotive.com].lnk
=> C:\Users\EMMANU~1\AppData\Roaming\uTorrent\Crysis keygen.torrent
=> C:\Users\EMMANU~1\AppData\Roaming\uTorrent\Crysis Serial ! NO BS ! WORKS FINE ! [ZeWeX].txt.torrent
=> C:\Users\EMMANU~1\Documents\Downloads\Crysis keygen
=> C:\Users\EMMANU~1\Documents\Downloads\Crysis Serial ! NO BS ! WORKS FINE ! [ZeWeX].txt
=> C:\Users\EMMANU~1\Documents\Downloads\Crysis keygen\Crysis_PC_Key_Generator.exe
=> C:\Users\EMMANU~1\Documents\Downloads\Crysis keygen\readme.nfo
=> C:\Users\EMMANU~1\Downloads\Crysis_keygen-[www.search-torrent.com].torrent
=> C:\Users\EMMANU~1\Downloads\Crysis_Serial___NO_FAKE___WORKS_FINE__[www.torrentlocomotive.com].torrent


[F:20][D:32]-> C:\Users\EMMANU~1\AppData\Local\Temp
[F:58][D:1]-> C:\Users\EMMANU~1\AppData\Roaming\MICROS~1\Windows\Cookies
[F:111][D:8]-> C:\Users\EMMANU~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:1][D:1]-> C:\$Recycle.Bin

--------------------\\ Fin du rapport a 17:26:28,11
[ UAC => 1 ]
0
Réponse 7 / 10
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
25 juil. 2008 à 11:50
il serait préférable de virer les cracks... Recoller un hijackthis et dis tes souci
0
Réponse 8 / 10
osiris123 Messages postés 30 Date d'inscription vendredi 21 décembre 2007 Statut Membre Dernière intervention 14 septembre 2008
25 juil. 2008 à 17:14
Ok je repost un hijackthis et je tiens à préciser que je n'ai plus aucun souci depuis que j'ai restauré.

Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:49, on 2008-07-25
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Emmanuel123\Downloads\HiJackThis(2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.iesearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: IE AdBlock - {46B37057-5BA8-4014-B28D-6448FD171A3E} - C:\Program Files\IE AdBlock\IE AdBlock.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: IE AdBlock - {BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} - C:\Program Files\IE AdBlock\IE AdBlock.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
0
Réponse 9 / 10
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
25 juil. 2008 à 20:52
ok tu peux garder malwarebyte's antimalware

vire le reste avec ceci:



Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

ps : pas besoin de m´envoyer le rapport si tout a ete supprimer ;-)

_______________

Mettre a jour java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

mettre à jour adobe reader
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

________________

verifie avec ton antivirus qu'il reste rien
si c'est le cas c'est bon!



bonne suite
0
Réponse 10 / 10
osiris123 Messages postés 30 Date d'inscription vendredi 21 décembre 2007 Statut Membre Dernière intervention 14 septembre 2008
25 juil. 2008 à 23:45
Re jlpjlp,

tout a été supprimé.

Merci beaucoup de ton aide
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
mon image prend une dominante bleue
herve -
Dany -

4 réponses