How to remove a trojan
Closed
Mira - 22 Jan 2009 at 21:26
plopus Posts 5962 Registered Thursday 1 January 2009 Status Security contributor Last active 11 March 2012 - 31 Jan 2009 at 21:37
26 replies
plopus
22 Jan 2009 at 21:34
Hello,
Well yes, as you can see, your PC is well and truly infected. Also, did you remove the infections with Malwarebytes? Go into the quarantine and delete everything, or, if you did not remove them, run a scan again, and at the end click on show results, then click on remove, and post the report. And delete your cracks and keygens...
Then download HijackThis
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
Choose "do a scan and save the log" and post the report.
plopus
22 Jan 2009 at 21:51
Well, run a quick scan again, it takes 10 minutes, and afterwards be sure to click on show results and then on remove; the report then opens, and post that one.
Then, after the removal, post the HijackThis report.
plopus
22 Jan 2009 at 22:07
Um............
C:\InstallAVg_77085901.exe (Rogue.Installer)
Why are you clicking on that? It is an infected file, you are adding more things to your machine....
Relaunch Malwarebytes and run a quick scan; at the end be sure to click on show results and then on remove; the report then opens, and post that one.
Then, after the removal, post the HijackThis report.
Here is the report:
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1680
Windows 5.1.2600 Service Pack 2
22/01/2009 23:20:43
mbam-log-2009-01-22 (23-20-43).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 91745
Temps écoulé: 55 minute(s), 15 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mtqunkyb (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\qyslijf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
I am going to run HijackThis
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:26:25, on 22/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Samir\Local Settings\Temporary Internet Files\Content.IE5\4P6J0HQJ\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Com Algerie Toolbar - {6ffece26-ac73-45dd-9b24-b35ed02a0b23} - C:\Program Files\Com_Algerie\tbCom1.dll
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Com Algerie Toolbar - {6ffece26-ac73-45dd-9b24-b35ed02a0b23} - C:\Program Files\Com_Algerie\tbCom1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BEF1CC49-9185-4FD9-A680-C80F78CBFB5F} - c:\windows\system32\qyslijf.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Com Algerie Toolbar - {6ffece26-ac73-45dd-9b24-b35ed02a0b23} - C:\Program Files\Com_Algerie\tbCom1.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\Samir\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC8CBCA5-93A4-448C-9CED-AE2A45609894}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,C:\WINDOWS\System32\cnetcfg32.dll
O20 - Winlogon Notify: c8699f4d509 - C:\WINDOWS\System32\cnetcfg32.dll (file missing)
O20 - Winlogon Notify: mtqunkyb - C:\WINDOWS\SYSTEM32\qyslijf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
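An added example (not part of the original thread or of either tool): it cross-references the objects flagged in the Malwarebytes report against the HijackThis entries, and also marks entries whose target file HijackThis reports as absent. The sample lines are copied from the two logs above; the function names and matching rules are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Lines copied verbatim from the Malwarebytes and HijackThis logs above.
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mtqunkyb (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\qyslijf.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
"""

HJT_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BEF1CC49-9185-4FD9-A680-C80F78CBFB5F} - c:\windows\system32\qyslijf.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,C:\WINDOWS\System32\cnetcfg32.dll
O20 - Winlogon Notify: c8699f4d509 - C:\WINDOWS\System32\cnetcfg32.dll (file missing)
O20 - Winlogon Notify: mtqunkyb - C:\WINDOWS\SYSTEM32\qyslijf.dll
"""

# Malwarebytes detection line: "<object> (<detection name>) -> <action>."
MBAM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<name>[A-Za-z][\w.]*)\) -> (?P<action>.+?)\.?$")
# HijackThis entry line: "<section code> - <entry>"
HJT_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^,]*?\.(?:dll|exe)", re.I)


def parse_mbam(log):
    """Return (indicator, detection, action) for each detection line.

    The indicator is the last component of the flagged object: a file
    name, a CLSID, or a registry key name, lower-cased.
    """
    found = []
    for line in log.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            found.append((basename(m["object"]).lower(), m["name"], m["action"]))
    return found


def mentions(text, token):
    """True if token occurs in text as a whole field or path component."""
    pattern = r"(?<![\w.])" + re.escape(token) + r"(?![\w.])"
    return re.search(pattern, text, re.I) is not None


def triage(mbam_log, hjt_log):
    """Return the HijackThis entries worth a second look, in log order."""
    detections = parse_mbam(mbam_log)
    lines = map(str.strip, hjt_log.splitlines())
    entries = [m for m in map(HJT_RE.match, lines) if m]

    # File names that at least one entry reports as absent from disk.
    missing = set()
    for m in entries:
        path = PATH_RE.search(m["body"])
        if ORPHAN_RE.search(m["body"]) and path:
            missing.add(basename(path.group()).lower())

    findings = []
    for m in entries:
        body = m["body"]
        orphan = ORPHAN_RE.search(body) is not None
        # Detection names whose indicator appears in this entry.
        hits = sorted({name for ind, name, _ in detections if mentions(body, ind)})
        # Entries that still point at a file another entry reports missing.
        refs = [] if orphan else sorted(f for f in missing if mentions(body, f))
        if hits or orphan or refs:
            findings.append({"code": m["code"], "entry": body, "detections": hits,
                             "orphan": orphan, "refs_missing": refs})
    return findings


if __name__ == "__main__":
    for finding in triage(MBAM_LOG, HJT_LOG):
        print(finding)
```

Running the same comparison against a HijackThis log taken after the reboot shows whether the entries Malwarebytes marked "Delete on reboot" are actually gone.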
plopus
23 Jan 2009 at 09:05
Disable ALL your defenses, then
download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet, close EVERYTHING and do not touch your PC again until it finishes, otherwise you risk freezing it, then post the report at the end.
Then download
ToolBar SD https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
Choose your language, pick option 1 and post the report.
plopus
Posts
5962
Registration date
Thursday 1 January 2009
Status
Security contributor
Last activity
11 March 2012
293
26 Jan. 2009 at 22:09
Hi again,
Try again; if it doesn't go through, send them to me by PM: click on my username and choose "send private message", and I'll repost them here afterwards if I can.
ComboFix 09-01-21.04 - Samir 2009-01-23 22:43:10.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.208 [GMT 1:00]
Lancé depuis: c:\documents and settings\Samir\Bureau\ComboFix12.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Samir\Application Data\[u]0/u2000000e0900383509C.manifest
c:\documents and settings\Samir\Application Data\[u]0/u2000000e0900383509O.manifest
c:\documents and settings\Samir\Application Data\[u]0/u2000000e0900383509P.manifest
c:\documents and settings\Samir\Application Data\[u]0/u2000000e0900383509S.manifest
c:\documents and settings\Samir\Application Data\FunWebProducts
c:\windows\GnuHashes.ini
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\GroupPolicyManifest
c:\windows\system32\GroupPolicyManifest\1.music.mp3
c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd
c:\windows\system32\GroupPolicyManifest\10.setup.zip
c:\windows\system32\GroupPolicyManifest\10.setup.zip.kwd
c:\windows\system32\GroupPolicyManifest\11.unpack.zip
c:\windows\system32\GroupPolicyManifest\11.unpack.zip.kwd
c:\windows\system32\GroupPolicyManifest\12.limepro.zip
c:\windows\system32\GroupPolicyManifest\12.limepro.zip.kwd
c:\windows\system32\GroupPolicyManifest\13.keygen.zip
c:\windows\system32\GroupPolicyManifest\13.keygen.zip.kwd
c:\windows\system32\GroupPolicyManifest\2.crack.zip
c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd
c:\windows\system32\GroupPolicyManifest\6.tmp
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg
c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd
c:\windows\system32\GroupPolicyManifest\9.remix.mp3
c:\windows\system32\GroupPolicyManifest\9.remix.mp3.kwd
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-23 au 2009-01-23 ))))))))))))))))))))))))))))))))))))
.
2009-01-22 21:57 . 2009-01-22 21:57 <REP> d-------- c:\documents and settings\Samir\Application Data\qljoiyrd
2009-01-22 20:37 . 2009-01-22 21:05 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-22 20:37 . 2009-01-22 20:37 <REP> d-------- c:\documents and settings\Samir\Application Data\Malwarebytes
2009-01-22 20:37 . 2009-01-22 20:37 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-22 20:37 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-22 20:37 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-21 19:49 . 2009-01-21 19:49 <REP> d-------- c:\documents and settings\NetworkService\Application Data\qljoiyrd
2009-01-19 23:07 . 2009-01-19 23:07 <REP> d-------- c:\program files\MSXML 4.0
2009-01-18 20:42 . 2009-01-18 20:42 <REP> d-------- c:\documents and settings\Samir\Application Data\dvdcss
2009-01-07 13:18 . 2009-01-07 13:18 <REP> d-------- c:\windows\system32\Kaspersky Lab
2009-01-02 00:18 . 2009-01-02 00:18 96,976 --a------ c:\windows\system32\drivers\klin.dat
2009-01-02 00:18 . 2009-01-02 00:18 87,855 --a------ c:\windows\system32\drivers\klick.dat
2009-01-02 00:16 . 2009-01-23 15:12 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-02 00:16 . 2009-01-23 22:45 1,974,816 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-02 00:16 . 2009-01-23 22:45 385,056 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-02 00:16 . 2009-01-23 22:45 17,556 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-02 00:16 . 2009-01-23 22:45 3,444 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-31 14:07 . 2008-12-31 14:07 <REP> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-31 13:50 . 2008-12-31 14:07 43,028,592 --a------ C:\kis8.0.0.506fr.exe
2008-12-30 09:55 . 2008-12-30 10:01 <REP> d-------- c:\documents and settings\TEMP.P4-3GHZ.000
2008-12-29 19:53 . 2008-12-29 19:59 <REP> d-------- c:\documents and settings\TEMP.P4-3GHZ
2008-12-26 23:31 . 2008-12-26 23:31 <REP> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2008-12-26 13:37 . 2004-08-04 00:54 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-26 13:37 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-26 13:37 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-26 13:37 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-23 21:46 --------- d-----w c:\program files\SuperCopier2
2009-01-23 20:50 --------- d-----w c:\documents and settings\Samir\Application Data\U3
2009-01-20 21:47 --------- d-----w c:\documents and settings\Samir\Application Data\Skype
2009-01-01 23:39 --------- d-----w c:\program files\Symantec
2009-01-01 23:39 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-01 23:16 --------- d-----w c:\program files\Kaspersky Lab
2008-12-22 17:43 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-22 17:25 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-12-22 17:25 --------- d-----w c:\program files\Windows Live Favorites
2008-12-22 17:20 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-18 23:35 --------- d-----w c:\program files\Google
2008-12-17 17:28 --------- d-----w c:\program files\Fichiers communs\Apple
2008-12-17 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-16 20:43 --------- d-----w c:\program files\Flash Movie Player
2008-12-16 14:57 --------- d-----w c:\program files\Micro Application
2008-12-11 20:28 --------- d-----w c:\documents and settings\Samir\Application Data\Apple Computer
2008-12-11 20:26 --------- d-----w c:\program files\Apple Software Update
2008-12-11 20:23 --------- d-----w c:\program files\Bonjour
2008-12-11 20:19 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-12-10 20:49 --------- d-----w c:\documents and settings\Samir\Application Data\LimeWire
2008-12-10 18:49 --------- d-----w c:\program files\LimeWire
2008-12-10 10:58 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-10 10:57 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-09 23:14 --------- d-----w c:\program files\Yahoo!
2008-12-09 23:14 --------- d-----w c:\documents and settings\Samir\Application Data\Yahoo!
2008-12-01 16:49 --------- d-----w c:\program files\eMule
2008-11-29 12:23 31 ----a-w c:\documents and settings\Samir\jagex_runescape_preferences.dat
2008-11-28 22:36 --------- d-----w c:\documents and settings\Samir\Application Data\uTorrent
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6ffece26-ac73-45dd-9b24-b35ed02a0b23}"= "c:\program files\Com_Algerie\tbCom1.dll" [2008-03-22 1470488]
[HKEY_CLASSES_ROOT\clsid\{6ffece26-ac73-45dd-9b24-b35ed02a0b23}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ffece26-ac73-45dd-9b24-b35ed02a0b23}]
2008-03-22 12:14 1470488 --a------ c:\program files\Com_Algerie\tbCom1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BEF1CC49-9185-4FD9-A680-C80F78CBFB5F}]
2001-10-02 19:18 105472 --a------ c:\windows\system32\qyslijf.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6ffece26-ac73-45dd-9b24-b35ed02a0b23}"= "c:\program files\Com_Algerie\tbCom1.dll" [2008-03-22 1470488]
[HKEY_CLASSES_ROOT\clsid\{6ffece26-ac73-45dd-9b24-b35ed02a0b23}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6FFECE26-AC73-45DD-9B24-B35ED02A0B23}"= "c:\program files\Com_Algerie\tbCom1.dll" [2008-03-22 1470488]
[HKEY_CLASSES_ROOT\clsid\{6ffece26-ac73-45dd-9b24-b35ed02a0b23}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-16 68856]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-14 1057280]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"ccleaner"="c:\documents and settings\Samir\Bureau\CCleaner\CCleaner.exe" [2007-09-28 722160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-18 925696]
"Gainward"="c:\program files\XpertVision\TBPanel.exe" [2006-09-13 2154496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"ZSSnp211"="c:\windows\ZSSnp211.exe" [2006-08-19 49152]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 c:\windows\system32\HdAShCut.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Samir\Menu Démarrer\Programmes\Démarrage\
Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-11-17 229376]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe [2007-11-16 929870]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mtqunkyb]
2001-10-02 19:18 105472 c:\windows\system32\qyslijf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2008-12-27 17:53 2356088 c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:54 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2006-07-24 15:32 3712512 c:\program files\ASUS\AI Booster\OverClk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-11-10 19:40 77824 c:\program files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 14:43 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Documents and Settings\\Samir\\Bureau\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:TCP port 443 ooVoo
"443:UDP"= 443:UDP:UDP port 443 ooVoo
"37674:TCP"= 37674:TCP:TCP port 37674 ooVoo
"37674:UDP"= 37674:UDP:UDP port 37674 ooVoo
"37675:UDP"= 37675:UDP:UDP port 37675 ooVoo
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 zekmxeef;zekmxeef;c:\windows\system32\drivers\zekmxeef.sys [2001-10-02 23424]
R3 adiusbae;USB ADSL LAN Adapter;c:\windows\system32\drivers\adiusbae.sys [2007-11-16 117785]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R4 PPPoEService;PPPoE Service;c:\progra~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe [2007-11-10 49152]
S3 NTSPPPOE;Efficient Networks Enternet P.P.P.o.E LAN Miniport Driver;c:\windows\system32\drivers\ntspppoe.sys [2007-11-10 159680]
S3 NTSVPN;Efficient Networks Enternet VPN LAN Miniport Driver;c:\windows\system32\drivers\ntsvpn.sys [2007-11-10 159616]
S3 RAWESR;RAWESR;c:\progra~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS [2007-11-10 9688]
S3 TAPBIND;TAPBIND;c:\progra~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS [2007-11-10 17920]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
jrocnapv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{327e4455-c9e5-11dd-bf00-0073044668e7}]
\Shell\AutoRun\command - F:\2u.com
\Shell\explore\Command - F:\2u.com
\Shell\open\Command - F:\2u.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56dcfc38-4cf8-11dd-b4a7-0073044668e7}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{597deccc-95b4-11dc-b57d-0073044668e7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c85b503-6220-11dd-b4dd-0073044668e7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8378ba3f-a4b3-11dc-a65d-0073044668e7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baf3ba50-8fcd-11dc-bf3b-001a928290e4}]
\Shell\AutoRun\command - n6y1ucjp.cmd
\Shell\explore\Command - n6y1ucjp.cmd
\Shell\open\Command - n6y1ucjp.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddde7ae1-b628-11dc-a67d-0073044668e7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-01-23 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-ares - c:\program files\Ares\Ares.exe
Notify-c8699f4d509 - c:\windows\System32\cnetcfg32.dll
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://fr.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DC8CBCA5-93A4-448C-9CED-AE2A45609894} = 41.221.20.4 193.251.169.165
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 22:47:06
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Samir\LOCALS~1\Temp\mc23.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
c:\progra~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Heure de fin: 2009-01-23 22:52:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-23 21:52:20
Avant-CF: 4 486 131 712 octets libres
Après-CF: 4,471,353,344 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
279 --- E O F --- 2009-01-22 23:00:38
\Shell\AutoRun\command - n6y1ucjp.cmd
\Shell\explore\Command - n6y1ucjp.cmd
\Shell\open\Command - n6y1ucjp.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ddde7ae1-b628-11dc-a67d-0073044668e7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-01-23 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-ares - c:\program files\Ares\Ares.exe
Notify-c8699f4d509 - c:\windows\System32\cnetcfg32.dll
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://fr.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {DC8CBCA5-93A4-448C-9CED-AE2A45609894} = 41.221.20.4 193.251.169.165
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-23 22:47:06
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Samir\LOCALS~1\Temp\mc23.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
c:\progra~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
c:\program files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Heure de fin: 2009-01-23 22:52:24 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-23 21:52:20
Avant-CF: 4 486 131 712 octets libres
Après-CF: 4,471,353,344 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
279 --- E O F --- 2009-01-22 23:00:38
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 01/30/07 15:12:28 Ver: 08.00.10
USER : Samir ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.506 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.506 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:14 Go (Free:4 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:22 Go (Free:16 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 23/01/2009|23:05 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\LOCALS~1\APPLIC~1\alot
C:\DOCUME~1\Samir\APPLIC~1\alot
C:\DOCUME~1\Samir\APPLIC~1\alot\BrowserSearch
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_0
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_1
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_10
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_11
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_2
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_3
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_4
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_5
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_6
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_7
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_8
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_9
C:\DOCUME~1\Samir\APPLIC~1\alot\configurator
C:\DOCUME~1\Samir\APPLIC~1\alot\ErrorSearch
C:\DOCUME~1\Samir\APPLIC~1\alot\postInstallLayout
C:\DOCUME~1\Samir\APPLIC~1\alot\products
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources
C:\DOCUME~1\Samir\APPLIC~1\alot\Tem13A.tmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Tem1D1.tmp
C:\DOCUME~1\Samir\APPLIC~1\alot\TimerManager
C:\DOCUME~1\Samir\APPLIC~1\alot\toolbar.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\ToolbarSearch
C:\DOCUME~1\Samir\APPLIC~1\alot\Updater
C:\DOCUME~1\Samir\APPLIC~1\alot\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_0\Button_0.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_0\Button_0.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_1\Button_1.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_1\Button_1.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_10\Button_10.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_10\Button_10.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_11\Button_11.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_11\Button_11.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_2\Button_2.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_2\Button_2.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_3\Button_3.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_3\Button_3.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_4\Button_4.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_4\Button_4.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_5\Button_5.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_5\Button_5.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_6\Button_6.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_6\Button_6.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_7\Button_7.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_7\Button_7.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_8\Button_8.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_8\Button_8.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_9\Button_9.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_9\Button_9.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\configurator\configurator.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\configurator\configurator.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\ErrorSearch\ErrorSearch.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\ErrorSearch\ErrorSearch.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\postInstallLayout\postInstallLayout.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\postInstallLayout\postInstallLayout.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\products\products.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\products\products.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_0
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_1
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_2
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_3
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_4
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_5
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_6
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_7
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_0\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_0\images\alot_icon_35x16.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_1\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_1\images\alot_search_24x16.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_2\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_2\images\default_372_alot_per_musicsearch.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_3\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_3\images\default_373_alot_per_tv.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_4\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_4\images\default_281_alot_weather_widget.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_5\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_5\images\default_374_alot_per_news.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_6\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_6\images\default_375_alot_per_play.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_7\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_7\images\default_376_alot_mrkt_perfspot.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\domains.dat
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\alot_brand.png
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\spinner.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_bottom.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_btnclose0.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_btnclose1.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_btnmin0.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_btnmin1.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_caption.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_error_bg.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_error_close.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_error_icon.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\TimerManager\TimerManager.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\TimerManager\TimerManager.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\ToolbarSearch\ToolbarSearch.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\ToolbarSearch\ToolbarSearch.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Updater\Updater.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Updater\Updater.xml.backup
C:\Program Files\alot
C:\Program Files\alot\alotUninst.exe
C:\Program Files\alot\bin
C:\Program Files\alot\bin\alot.dll
C:\Program Files\Fun Web Products
C:\Program Files\Fun Web Products\MSNMessenger
C:\Program Files\Fun Web Products\MSNMessenger\MSNBackgrounds
C:\Program Files\VVSN
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://fr.yahoo.com/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 23/01/2009|23:06 - Option : [1]
-----------\\ Fin du rapport a 23:06:49,50
plopus
Posts: 5962
Registration date: Thursday 1 January 2009
Status: Security contributor
Last activity: 11 March 2012
293
26 Jan. 2009 at 22:18
Close all your applications, disconnect from the internet, run Toolbar again with option 2 and post the report.
Then disable your antivirus; the fix is wrongly detected.
Download
AD REMOVER http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
Install it, launch it, choose option A and post the report.
I'll pick this up again tomorrow, good evening.
Hi, here is the Toolbar report:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 01/30/07 15:12:28 Ver: 08.00.10
USER : Samir ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.506 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.506 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:14 Go (Free:3 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:22 Go (Free:16 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 27/01/2009|20:01 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\LOCALS~1\APPLIC~1\alot
C:\DOCUME~1\Samir\APPLIC~1\alot
C:\DOCUME~1\Samir\APPLIC~1\alot\BrowserSearch
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_0
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_1
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_10
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_11
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_2
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_3
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_4
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_5
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_6
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_7
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_8
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_9
C:\DOCUME~1\Samir\APPLIC~1\alot\configurator
C:\DOCUME~1\Samir\APPLIC~1\alot\ErrorSearch
C:\DOCUME~1\Samir\APPLIC~1\alot\postInstallLayout
C:\DOCUME~1\Samir\APPLIC~1\alot\products
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources
C:\DOCUME~1\Samir\APPLIC~1\alot\Tem13A.tmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Tem1D1.tmp
C:\DOCUME~1\Samir\APPLIC~1\alot\TimerManager
C:\DOCUME~1\Samir\APPLIC~1\alot\toolbar.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\ToolbarSearch
C:\DOCUME~1\Samir\APPLIC~1\alot\Updater
C:\DOCUME~1\Samir\APPLIC~1\alot\BrowserSearch\BrowserSearch.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\BrowserSearch\BrowserSearch.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_0\Button_0.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_0\Button_0.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_1\Button_1.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_1\Button_1.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_10\Button_10.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_10\Button_10.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_11\Button_11.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_11\Button_11.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_2\Button_2.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_2\Button_2.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_3\Button_3.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_3\Button_3.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_4\Button_4.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_4\Button_4.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_5\Button_5.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_5\Button_5.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_6\Button_6.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_6\Button_6.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_7\Button_7.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_7\Button_7.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_8\Button_8.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_8\Button_8.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_9\Button_9.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Button_9\Button_9.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\configurator\configurator.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\configurator\configurator.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\ErrorSearch\ErrorSearch.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\ErrorSearch\ErrorSearch.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\postInstallLayout\postInstallLayout.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\postInstallLayout\postInstallLayout.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\products\products.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\products\products.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_0
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_1
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_2
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_3
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_4
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_5
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_6
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_7
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_0\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_0\images\alot_icon_35x16.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_1\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_1\images\alot_search_24x16.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_2\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_2\images\default_372_alot_per_musicsearch.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_3\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_3\images\default_373_alot_per_tv.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_4\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_4\images\default_281_alot_weather_widget.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_5\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_5\images\default_374_alot_per_news.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_6\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_6\images\default_375_alot_per_play.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_7\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Button_7\images\default_376_alot_mrkt_perfspot.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\domains.dat
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\alot_brand.png
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\spinner.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_bottom.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_btnclose0.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_btnclose1.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_btnmin0.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_btnmin1.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_caption.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_error_bg.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_error_close.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\Resources\Shared\images\widget_error_icon.bmp
C:\DOCUME~1\Samir\APPLIC~1\alot\TimerManager\TimerManager.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\TimerManager\TimerManager.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\ToolbarSearch\ToolbarSearch.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\ToolbarSearch\ToolbarSearch.xml.backup
C:\DOCUME~1\Samir\APPLIC~1\alot\Updater\Updater.xml
C:\DOCUME~1\Samir\APPLIC~1\alot\Updater\Updater.xml.backup
C:\Program Files\alot
C:\Program Files\alot\alotUninst.exe
C:\Program Files\alot\bin
C:\Program Files\alot\bin\alot.dll
C:\Program Files\Fun Web Products
C:\Program Files\Fun Web Products\MSNMessenger
C:\Program Files\Fun Web Products\MSNMessenger\MSNBackgrounds
C:\Program Files\VVSN
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://fr.yahoo.com/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 23/01/2009|23:06 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 27/01/2009|20:03 - Option : [1]
-----------\\ Fin du rapport a 20:03:01,39
------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------
Updated by C_XX on 17/01/2009 at 12:00
Start at: 20:21:41 | Mar 27/01/2009 | Microsoft® Windows XP™ SP2 (V5.1.2600)
Boot mode: Normal
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: P4-3GHZ | User: Samir ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 48
+--------------------| Boonty/Boonty Games Elements Found :
.
.
+--------------------| Eorezo Elements Found :
.
.
+--------------------| Everest Casino/Everest Poker Elements Found :
.
.
+--------------------| Funwebproducts/Myway/Mywebsearch/Myglobalsearch Elements Found :
.
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
.
C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.1.0.inf
+--------------------| It's TV Elements Found :
.
+--------------------| Sweetim Elements Found :
.
.
+--------------------| Added Scan :
~~~~ INTERNET EXPLORER VERSION 6.0.2900.2180 ~~~~
+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://fr.msn.com/
+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://fr.yahoo.com
+---------------------------------------------------------------------------+
[~1526 BYTES] - "C:\AD-REPORT-SCAN-27.01.2009.LOG"
End at: 20:23:01 | 27/01/2009 - Time elapsed: 80.0 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 40 Lines ]
+---------------------------------------------------------------------------+
plopus - Posts: 5962 - Registered: Thursday 1 January 2009 - Status: Security contributor - Last activity: 11 March 2012 - 27 Jan. 2009 at 20:27
That's not right, you ran option 1 of ToolBar. Start again with option 2 and post the report. Make sure you close everything, then run AD-Remover afterwards.
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 01/30/07 15:12:28 Ver: 08.00.10
USER : Samir ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.506 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.506 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:14 Go (Free:3 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:22 Go (Free:16 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 27/01/2009|21:13 )
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\BrowserSearch
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_0
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_1
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_10
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_11
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_2
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_3
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_4
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_5
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_6
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_7
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_8
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Button_9
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\configurator
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\ErrorSearch
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\postInstallLayout
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\products
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Resources
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Tem13A.tmp
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Tem1D1.tmp
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\TimerManager
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\toolbar.xml
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\ToolbarSearch
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot\Updater
Supprime! - C:\Program Files\alot\alotUninst.exe
Supprime! - C:\Program Files\alot\bin
Supprime! - C:\Program Files\Fun Web Products\MSNMessenger
Supprime! - C:\DOCUME~1\LOCALS~1\APPLIC~1\alot
Supprime! - C:\DOCUME~1\Samir\APPLIC~1\alot
Supprime! - C:\Program Files\alot
Supprime! - C:\Program Files\Fun Web Products
Supprime! - C:\Program Files\VVSN
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 23/01/2009|23:06 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 27/01/2009|20:03 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 27/01/2009|21:15 - Option : [2]
-----------\\ Fin du rapport a 21:15:52,60
plopus - Posts: 5962 - Registered: Thursday 1 January 2009 - Status: Security contributor - Last activity: 11 March 2012 - 27 Jan. 2009 at 20:55
You need to run AD-Remover with option B, then type 4 to select funwebproduct, type S then Enter, and post the report.
Then run ToolBar again with OPTION 2 and post the report.
plopus - Posts: 5962 - Registered: Thursday 1 January 2009 - Status: Security contributor - Last activity: 11 March 2012 - 27 Jan. 2009 at 21:25
OK for ToolBar. Now run AD-Remover with option B, then type 4 to select funwebproduct, type S then Enter, and post the report.
Then post a new HijackThis log, please.
------- LOGFILE OF AD-REMOVER 1.0.9.3 | ONLY XP/VISTA -------
Updated by C_XX on 17/01/2009 at 12:00
*** LIMITED TO ***
Funwebproduct/Myway/Mywebsearch
******************
Start at: 21:27:27 | Mar 27/01/2009 | Microsoft® Windows XP™ SP2 (V5.1.2600)
Boot mode: Normal
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: P4-3GHZ | User: Samir ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
- E:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 49
(!) ---- IE start pages reset
+--------------------| Funwebproducts/Myway/Mywebsearch/Myglobalsearch Elements Deleted :
.
.
C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.1.0.inf
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+--------------------| Added Scan :
+---------------------------------------------------------------------------+
~~~~ INTERNET EXPLORER VERSION 6.0.2900.2180 ~~~~
+--[HKEY_CURRENT_USER\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\INTERNET EXPLORER\MAIN]
Start page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
[~1368 BYTES] - "C:\AD-REPORT-CLEAN-27.01.2009.LOG"
[~1858 BYTES] - "C:\AD-REPORT-SCAN-27.01.2009.LOG"
End at: 21:28:57 | 27/01/2009 - Time elapsed: 89.5 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 31 Lines ]
+---------------------------------------------------------------------------+
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:09, on 27/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Samir\Local Settings\Temporary Internet Files\Content.IE5\0PEFG5IV\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Com Algerie Toolbar - {6ffece26-ac73-45dd-9b24-b35ed02a0b23} - C:\Program Files\Com_Algerie\tbCom1.dll
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Com Algerie Toolbar - {6ffece26-ac73-45dd-9b24-b35ed02a0b23} - C:\Program Files\Com_Algerie\tbCom1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {BEF1CC49-9185-4FD9-A680-C80F78CBFB5F} - c:\windows\system32\qyslijf.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Com Algerie Toolbar - {6ffece26-ac73-45dd-9b24-b35ed02a0b23} - C:\Program Files\Com_Algerie\tbCom1.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\Samir\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC8CBCA5-93A4-448C-9CED-AE2A45609894}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mtqunkyb - C:\WINDOWS\SYSTEM32\qyslijf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
plopus (Security contributor) - 27 Jan 2009 at 21:54
download Malwarebytes
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
* Update the software (this normally happens during installation)
* Start a full scan by clicking "Exécuter un examen complet"
* Select the drives you want to scan and click "Lancer l'examen"
* The scan can take quite a while...
* Once the scan has finished, click "OK" and then "Afficher les résultats"
* Check that everything is ticked and click "Supprimer la sélection", then "OK"
* A report will open in Notepad... Copy and paste the report into your next reply on the forum
* Some files may have to be deleted when the PC restarts... Do so by clicking "oui" when asked
plopus (Security contributor) - 27 Jan 2009 at 22:00
yes, still quite a lot...
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1702
Windows 5.1.2600 Service Pack 2
28/01/2009 22:30:52
mbam-log-2009-01-28 (22-30-52).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 97183
Temps écoulé: 1 hour(s), 3 minute(s), 41 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mtqunkyb (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\qyslijf.dll (Trojan.Vundo.H) -> Delete on reboot.
plopus (Security contributor) - 27 Jan 2009 at 22:01
do post 26 with Malwarebytes
plopus (Security contributor) - 28 Jan 2009 at 22:37
ok
restart your PC to finish the removal with Malwarebytes and then post a new HijackThis report
plopus (Security contributor) - 28 Jan 2009 at 22:40
then go to this site https://www.virustotal.com/gui/
click on browse, go and find this file, have it analysed and post the report
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
I'll pick this up again tomorrow
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:26, on 29/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Huawei Technologies\Huawei SmartAX MT810\dslmon.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Samir\Local Settings\Temporary Internet Files\Content.IE5\896Z4XUN\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Com Algerie Toolbar - {6ffece26-ac73-45dd-9b24-b35ed02a0b23} - C:\Program Files\Com_Algerie\tbCom1.dll
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Com Algerie Toolbar - {6ffece26-ac73-45dd-9b24-b35ed02a0b23} - C:\Program Files\Com_Algerie\tbCom1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {BEF1CC49-9185-4FD9-A680-C80F78CBFB5F} - c:\windows\system32\qyslijf.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Com Algerie Toolbar - {6ffece26-ac73-45dd-9b24-b35ed02a0b23} - C:\Program Files\Com_Algerie\tbCom1.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\Samir\Bureau\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC8CBCA5-93A4-448C-9CED-AE2A45609894}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mtqunkyb - C:\WINDOWS\SYSTEM32\qyslijf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
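A cross-check of the two reports above, as an added example that is not part of the thread: this Python script takes the items Malwarebytes marked "Delete on reboot" and looks for them in a later HijackThis log, which is the verification the follow-up report is requested for. The embedded lines are excerpts from the logs posted here; the function names and the matching rules are assumptions of this example.

```python
import re

# Excerpt of the Malwarebytes report posted in this thread (not the full log).
MBAM_LOG = r"""
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mtqunkyb (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\qyslijf.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

# Excerpt of the HijackThis log saved on 29/01/2009 (not the full log).
HJT_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {BEF1CC49-9185-4FD9-A680-C80F78CBFB5F} - c:\windows\system32\qyslijf.dll
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O20 - Winlogon Notify: mtqunkyb - C:\WINDOWS\SYSTEM32\qyslijf.dll
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
"""

# "<item> (<threat name>) -> <action>." as written in the report's detail sections.
MBAM_ITEM = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# HijackThis entries start with a section code such as R0, O2, O20, O23.
HJT_ENTRY = re.compile(r"^(?P<code>[ORF]\d{1,2}) - (?P<body>.+)$")
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")


def parse_mbam(log):
    """Return (item, threat, action) for every detection line in the report."""
    detections = []
    for line in log.splitlines():
        m = MBAM_ITEM.match(line.strip())
        if m:
            detections.append((m["item"], m["threat"], m["action"]))
    return detections


def indicator(item):
    """Reduce a flagged item to a lowercase token to search for in HijackThis lines.

    Files keep their full path. Registry keys are reduced to the last path
    component only when it is distinctive (a CLSID, or a key name directly
    under Winlogon\\Notify); other keys return None because a leaf such as
    "Run" would match unrelated entries.
    """
    low = item.lower()
    if not low.startswith("hkey_"):
        return low
    parent, _, leaf = low.rpartition("\\")
    if GUID.fullmatch(leaf) or parent.endswith("\\winlogon\\notify"):
        return leaf
    return None


def persisting(mbam_log, hjt_log):
    """Map each HijackThis entry that still references a flagged item to the tokens it matched."""
    tokens = {indicator(item) for item, _, _ in parse_mbam(mbam_log)}
    tokens.discard(None)
    hits = {}
    for line in hjt_log.splitlines():
        entry = line.strip()
        if not HJT_ENTRY.match(entry):
            continue
        found = sorted(t for t in tokens if t in entry.lower())
        if found:
            hits[entry] = found
    return hits


if __name__ == "__main__":
    for entry, tokens in persisting(MBAM_LOG, HJT_LOG).items():
        print("STILL PRESENT:", entry)
        print("   matched:", ", ".join(tokens))
```

On these excerpts it reports the O2 BHO entry and the O20 Winlogon Notify entry, both of which still reference qyslijf.dll in the log saved on 29/01/2009.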
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC8CBCA5-93A4-448C-9CED-AE2A45609894}: NameServer = 41.221.20.4 193.251.169.165
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mtqunkyb - C:\WINDOWS\SYSTEM32\qyslijf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
Hi, here is the analysis of the file
Fichier pppoeservice.exe reçu le 2008.12.14 02:04:38 (CET)
Situation actuelle: terminé
Résultat: 0/38 (0.00%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.12.2 2008.12.13 -
AntiVir 7.9.0.45 2008.12.12 -
Authentium 5.1.0.4 2008.12.13 -
Avast 4.8.1281.0 2008.12.13 -
AVG 8.0.0.199 2008.12.13 -
BitDefender 7.2 2008.12.14 -
CAT-QuickHeal 10.00 2008.12.13 -
ClamAV 0.94.1 2008.12.14 -
Comodo 749 2008.12.13 -
DrWeb 4.44.0.09170 2008.12.13 -
eSafe 7.0.17.0 2008.12.11 -
eTrust-Vet 31.6.6258 2008.12.12 -
Ewido 4.0 2008.12.13 -
F-Prot 4.4.4.56 2008.12.13 -
F-Secure 8.0.14332.0 2008.12.13 -
Fortinet 3.117.0.0 2008.12.13 -
GData 19 2008.12.14 -
Ikarus T3.1.1.45.0 2008.12.14 -
K7AntiVirus 7.10.553 2008.12.13 -
Kaspersky 7.0.0.125 2008.12.14 -
McAfee 5463 2008.12.13 -
McAfee+Artemis 5463 2008.12.13 -
Microsoft 1.4205 2008.12.13 -
NOD32 3688 2008.12.12 -
Norman 5.80.02 2008.12.12 -
Panda 9.0.0.4 2008.12.13 -
PCTools 4.4.2.0 2008.12.13 -
Prevx1 V2 2008.12.14 -
Rising 21.07.52.00 2008.12.13 -
SecureWeb-Gateway 6.7.6 2008.12.12 -
Sophos 4.36.0 2008.12.13 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.14 -
TheHacker 6.3.1.4.187 2008.12.13 -
TrendMicro 8.700.0.1004 2008.12.12 -
VBA32 3.12.8.10 2008.12.13 -
ViRobot 2008.12.12.1515 2008.12.12 -
VirusBuster 4.5.11.0 2008.12.13 -
Information additionnelle
File size: 49152 bytes
MD5...: 54f77d4e298b76664dcc3b72c6d3ccd3
SHA1..: 04a001ffdfd1c54d58f0077100a271af5c4ebfea
SHA256: 580082f13a9a55ee5f3141bd5c822e5fbab0b9be512d54ce3d0c7d759c62ba6d
SHA512: 9d2db2f26a283be28134cf5080e6342cb5f6518b053f056f55646fefd0d63e7a
6a7fd28ac2fc654099a3ee87c6cbeb567b9746fb6431d69ba465f65b3c44666c
ssdeep: 768:muOGgDLK3oeyNW3xZQn2flNOhHC3M8HSEWQow/x:9kK3GKPlNOhi3MIXoYx
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (62.7%)
Win32 Executable Generic (14.1%)
Win32 Dynamic Link Library (generic) (12.6%)
Win32 Executable MS Visual FoxPro 7 (3.7%)
Generic Win/DOS Executable (3.3%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4038de
timedatestamp.....: 0x396b5df3 (Tue Jul 11 17:48:35 2000)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7035 0x8000 6.12 9aeb1392ce172753452cd9c16e8c3d43
.rdata 0x9000 0xe76 0x1000 5.09 344f6c891682597add74120f68e7c919
.data 0xa000 0x22a4 0x1000 3.08 4f99517bf21bd2ac3ab5b1781e89fd9e
.rsrc 0xd000 0xc8 0x1000 0.15 0d21177b39e77bd01a9eac9a57992e59
( 3 imports )
> KERNEL32.dll: GetStdHandle, AllocConsole, FormatMessageA, GlobalAlloc, GlobalFree, GetModuleHandleA, LocalFree, SetConsoleCtrlHandler, GetVersionExA, GetProcAddress, GetModuleFileNameA, GetLastError, SetEvent, GetProcessVersion, WaitForSingleObject, CreateProcessA, CreateEventA, CloseHandle, Sleep, FreeEnvironmentStringsA, FreeEnvironmentStringsW, LoadLibraryA, FlushFileBuffers, SetFilePointer, GetStringTypeA, RtlUnwind, SetStdHandle, GetFileType, GetCommandLineA, GetVersion, ExitProcess, HeapAlloc, HeapFree, GetCPInfo, GetACP, GetOEMCP, SetHandleCount, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, LCMapStringW, GetStringTypeW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, HeapDestroy, HeapCreate, VirtualFree, WriteFile, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc, HeapReAlloc, MultiByteToWideChar, LCMapStringA
> USER32.dll: DefWindowProcA, MessageBoxA, DestroyWindow, CreateWindowExA, RegisterClassA
> ADVAPI32.dll: RegisterServiceCtrlHandlerA, ReportEventA, StartServiceA, DeregisterEventSource, OpenServiceA, ControlService, RegDeleteValueA, DeleteService, OpenSCManagerA, QueryServiceStatus, CloseServiceHandle, StartServiceCtrlDispatcherA, CreateServiceA, LookupAccountNameA, IsValidSid, GetUserNameA, CopySid, RegCreateKeyA, GetLengthSid, RegDeleteKeyA, RegisterEventSourceA, RegOpenKeyExA, RegSetValueExA, SetServiceStatus, RegCloseKey, RegQueryValueExA
( 0 exports )
plopus (Security contributor) - 29 Jan 2009 at 22:03
Good evening,
please do post 32 as well
and show hidden folders before you go looking for the file; proceed like this:
1. Open My Computer
2. Go to the Tools menu and click Folder Options
3. In the Folder Options window, open the View tab
4. In the list of advanced settings, find the "Show hidden files and folders" setting and enable it by clicking the small round button to the left of the setting.
5. Click the Apply button and close the window.
plopus (Security contributor) - 29 Jan 2009 at 22:14
I just noticed something:
c:\WINDOWS\system32\qyslijf.dll (Trojan.Vundo.H) -> Delete on reboot.
and in your latest HijackThis log we find
O20 - Winlogon Notify: mtqunkyb - C:\WINDOWS\SYSTEM32\qyslijf.dll
O2 - BHO: (no name) - {BEF1CC49-9185-4FD9-A680-C80F78CBFB5F} - c:\windows\system32\qyslijf.dll
so
either you did not restart your PC right away to finish the removal,
or you used cracks or keygens again, which are the culprits behind your infection, so DELETE THEM ALL,
or it came back on its own, but I strongly doubt that.
So we start over.
To begin, move HijackThis and put it on your desktop; that is the exact location it must be run from.
Then
update Malwarebytes, just in case,
then update your Kaspersky (if it is not a crack),
otherwise it is pointless.
Then restart your PC; at the beep, tap F8 and choose safe mode.
Then run a QUICK scan with Malwarebytes, click show results, then click remove, and post the report.
Still in safe mode, and if you pay for your antivirus, run a scan, delete everything and post the report.
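The cross-check made in the post above (a file Malwarebytes marked "Delete on reboot" still showing up in HijackThis O2 and O20 entries), written out as an added example that is not part of the original thread and not code from either tool. The function names are hypothetical, and the sample input is a handful of lines excerpted from the logs quoted in this thread.

```python
import re

# Excerpts of the Malwarebytes and HijackThis logs quoted in this thread.
MBAM_LOG = r"""
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mtqunkyb (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
Fichier(s) infecté(s):
c:\WINDOWS\system32\qyslijf.dll (Trojan.Vundo.H) -> Delete on reboot.
"""

HJT_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {BEF1CC49-9185-4FD9-A680-C80F78CBFB5F} - c:\windows\system32\qyslijf.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O20 - Winlogon Notify: mtqunkyb - C:\WINDOWS\SYSTEM32\qyslijf.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<item> (<threat>) -> <action>." ; the greedy item tolerates parentheses in paths.
MBAM_ITEM = re.compile(r"^(?P<item>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
CLSID = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
NOTIFY_KEY = re.compile(r"\\Winlogon\\Notify\\(?P<name>[^\\]+)$", re.IGNORECASE)
HJT_LINE = re.compile(r"^(?P<section>O\d+) - (?P<rest>.+)$")
HJT_NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>.+?) - ")


def parse_mbam_pending(log):
    """Return indicators for items whose removal was deferred ("Delete on reboot")."""
    pending = {"file": {}, "clsid": {}, "notify": {}}
    for raw in log.splitlines():
        m = MBAM_ITEM.match(raw.strip())
        if not m or "delete on reboot" not in m["action"].lower():
            continue
        item, threat = m["item"], m["threat"]
        if item.upper().startswith("HKEY_"):
            # Registry key: keep the COM class id and/or the Winlogon Notify name.
            for clsid in CLSID.findall(item):
                pending["clsid"][clsid.lower()] = threat
            key = NOTIFY_KEY.search(item)
            if key:
                pending["notify"][key["name"].lower()] = threat
        else:
            # Anything else is a file path; Windows paths compare case-insensitively.
            pending["file"][item.lower()] = threat
    return pending


def find_survivors(pending, hjt_log):
    """List HijackThis entries that still reference a pending-deletion indicator.

    Paths are matched as case-insensitive substrings, so an entry written with an
    8.3 short name (C:\\PROGRA~1\\...) would not match its long-name form.
    """
    survivors = []
    for raw in hjt_log.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        low = rest.lower()
        reasons = set()
        if any(path in low for path in pending["file"]):
            reasons.add("file")
        if any(c.lower() in pending["clsid"] for c in CLSID.findall(rest)):
            reasons.add("clsid")
        if m["section"] == "O20":
            n = HJT_NOTIFY.match(rest)
            if n and n["name"].lower() in pending["notify"]:
                reasons.add("notify")
        if reasons:
            survivors.append(
                {"section": m["section"], "reasons": sorted(reasons), "line": raw.strip()}
            )
    return survivors


if __name__ == "__main__":
    for hit in find_survivors(parse_mbam_pending(MBAM_LOG), HJT_LOG):
        print(hit["section"], ",".join(hit["reasons"]), "->", hit["line"])
```

A non-empty result means the deferred deletion has not taken effect on the machine the HijackThis log came from: either the reboot has not happened yet or the entries were recreated afterwards.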
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1708
Windows 5.1.2600 Service Pack 2
30/01/2009 15:59:05
mbam-log-2009-01-30 (15-59-05).txt
Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 95496
Temps écoulé: 51 minute(s), 56 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mtqunkyb (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{bef1cc49-9185-4fd9-a680-c80f78cbfb5f} (Trojan.Vundo.H) -> Delete on reboot.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\system32\qyslijf.dll (Trojan.Vundo.H) -> Delete on reboot.
The Kaspersky report
Analyse complète: terminée le 30/01/2009 21:25:24 (événements : 40, objets : 238276, durée : 00:41:32)
30/01/2009 20:43:52 Lancement de la tâche
30/01/2009 20:47:28 Détectés: https://securelist.fr/ c:\program files\microsoft office\office11\excel.exe
30/01/2009 20:47:29 Détectés: https://securelist.fr/ c:\program files\microsoft office\office11\outlook.exe
30/01/2009 20:47:36 Détectés: https://securelist.fr/ c:\program files\microsoft office\office11\powerpnt.exe
30/01/2009 20:47:39 Détectés: https://securelist.fr/ c:\program files\microsoft office\office11\winword.exe
30/01/2009 20:48:21 Détectés: https://securelist.fr/ c:\program files\microsoft office\office11\mspub.exe
30/01/2009 20:48:22 Détectés: https://securelist.fr/ c:\windows\system32\java.exe
30/01/2009 20:48:23 Détectés: https://securelist.fr/ c:\windows\system32\kaspersky lab\kaspersky online scanner\kavwebscan.dll
30/01/2009 21:03:29 Détectés: https://securelist.fr/ c:\program files\Fichiers communs\Mozilla Shared\rundll32.exe
30/01/2009 21:03:37 Détectés: https://securelist.fr/ c:\program files\Fichiers communs\Mozilla Shared\firefox.exe
30/01/2009 21:04:56 Détectés: https://securelist.fr/ c:\program files\Java\jre1.6.0\bin\java.exe
30/01/2009 21:10:53 Détectés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\11.unpack.zip.vir/unpack.exe/FSG
30/01/2009 21:10:54 Détectés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\10.setup.zip.vir/setup.exe/FSG
30/01/2009 21:10:54 Détectés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\12.limepro.zip.vir/lime_pro_xmas_gift.exe/FSG
30/01/2009 21:10:54 Non réparés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\10.setup.zip.vir/setup.exe/FSG Reporté
30/01/2009 21:10:54 Non réparés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\11.unpack.zip.vir/unpack.exe/FSG Reporté
30/01/2009 21:10:54 Non réparés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\12.limepro.zip.vir/lime_pro_xmas_gift.exe/FSG Reporté
30/01/2009 21:10:54 Détectés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\13.keygen.zip.vir/keygen.exe/FSG
30/01/2009 21:10:54 Non réparés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\13.keygen.zip.vir/keygen.exe/FSG Reporté
30/01/2009 21:10:54 Détectés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\2.crack.zip.vir/crack.exe/FSG
30/01/2009 21:10:54 Non réparés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\2.crack.zip.vir/crack.exe/FSG Reporté
30/01/2009 21:14:50 Détectés: https://securelist.fr/ c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
30/01/2009 21:16:30 Détectés: https://securelist.fr/ c:\windows\SoftwareDistribution\Download\405ae8e48aa46e265982686e1678047b\flash.ocx
30/01/2009 21:18:15 Détectés: Trojan.Win32.Agent2.abb c:\windows\system32\14B.tmp
30/01/2009 21:18:24 Non réparés: Trojan.Win32.Agent2.abb c:\windows\system32\14B.tmp Reporté
30/01/2009 21:18:39 Détectés: https://securelist.fr/ c:\windows\system32\java.exe
30/01/2009 21:20:48 Détectés: https://securelist.fr/ c:\windows\system32\kaspersky lab\kaspersky online scanner\kavwebscan.dll
30/01/2009 21:24:33 Détectés: Trojan.Win32.Agent2.abb c:\windows\system32\14B.tmp
30/01/2009 21:25:22 Supprimés: Trojan.Win32.Agent2.abb c:\windows\system32\14B.tmp
30/01/2009 21:25:23 Détectés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\10.setup.zip.vir/setup.exe/FSG
30/01/2009 21:25:23 Supprimés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\10.setup.zip.vir/setup.exe
30/01/2009 21:25:23 Détectés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\11.unpack.zip.vir/unpack.exe/FSG
30/01/2009 21:25:23 Supprimés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\11.unpack.zip.vir/unpack.exe
30/01/2009 21:25:24 Détectés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\12.limepro.zip.vir/lime_pro_xmas_gift.exe/FSG
30/01/2009 21:25:24 Supprimés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\12.limepro.zip.vir/lime_pro_xmas_gift.exe
30/01/2009 21:25:24 Détectés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\13.keygen.zip.vir/keygen.exe/FSG
30/01/2009 21:25:24 Supprimés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\13.keygen.zip.vir/keygen.exe
30/01/2009 21:25:24 Détectés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\2.crack.zip.vir/crack.exe/FSG
30/01/2009 21:25:24 Supprimés: P2P-Worm.Win32.Nugg.x c:\Qoobox\Quarantine\C\WINDOWS\system32\GroupPolicyManifest\2.crack.zip.vir/crack.exe
30/01/2009 21:25:27 Fin de la tâche
Hi, I ran the Java scan but I found the report empty on C:, I did it twice
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sat Jan 31 18:13:25 2009
JavaRa 1.13 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Sat Jan 31 19:14:54 2009
plopus (Security contributor) - 29 Jan 2009 at 22:24
Well then, delete your CRACKS and the like, and do all of this:
a quick scan with Malwarebytes
and a scan with Kaspersky, having done the updates beforehand; run the scans in safe mode and post the reports
plopus (Security contributor) - 30 Jan 2009 at 16:20
Hello,
launch Malwarebytes,
go to the report/log tab, double-click the latest log and post it here.
For Kaspersky, save your report so you don't lose it and post it here too.
22 Jan 2009 at 21:43
22 Jan 2009 at 22:00