Hello boulepate62
Here is the result of OTMoveIt:
C:\WINDOWS\ALCXMNTR.EXE moved successfully.
Created on 10/01/2007 20:59:22
Here is the result of SmitFraudFix:
SmitFraudFix v2.233
Rapport fait à 21:30:16,82, lun. 01/10/2007
Executé à partir de C:\Documents and Settings\Propriétaire\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{26C5F683-AB9F-42F5-BDD3-E0862CC7BE6A}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\..\{26C5F683-AB9F-42F5-BDD3-E0862CC7BE6A}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS2\Services\Tcpip\..\{26C5F683-AB9F-42F5-BDD3-E0862CC7BE6A}: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 82.216.111.122 82.216.111.121 82.216.111.123
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Here is the result of regsearch:
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.5.0
; Results at 1/10/2007 21:53:06 for strings:
; 'symantec'
; 'noadware'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ccEvtMgr]
; Contents of value:
; c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ccPwdSvc]
; Contents of value:
; c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ccEvtMgr]
; Contents of value:
; c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\ccPwdSvc]
; Contents of value:
; c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccEvtMgr]
; Contents of value:
; c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccPwdSvc]
; Contents of value:
; c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
[HKEY_CURRENT_USER\Software\NVIDIA Corporation\Global\nView\WindowManagement\noadware5]
; End Of The Log...
See you soon
neants2000