Reading a HIJACKTHIS summary

ROSALLY Posts 80 Status Member -
Hello,
could you read my summary following a scan with HijackThis
and tell me whether there is any repair to do? I think so, because I still have the same problem, namely a Chinese site as the home page when Internet Explorer starts... followed by others without my having opened them...
I have the impression that it is taking over my PC and I can't do anything; no matter how many antivirus and anti-spam programs I install, nothing works...
thanks in advance



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:13, on 20/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\rund1132.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Goto Software\Vaderetro_Mgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\sys1E.tmp
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wauafe.exe
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temporary Internet Files\Content.IE5\3J3A4KDM\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luck114.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system\rund1132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rund1132.exe,
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [OaZeC] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Á³#  L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Yhyjczvn] C:\Program Files\Xkljec\Bsnub.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [VadeRetro Outlook] C:\Program Files\Goto Software\Vade Retro\VrMoRegister.exe -s
O4 - HKLM\..\Run: [VRManager] C:\Program Files\Fichiers communs\Goto Software\Vaderetro_Mgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [cmdhlpadm] C:\WINDOWS\system32\vkvadezy.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: xrkfgusi - xrkfgusi32.dll (file missing)
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
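A triage pass over a log like the one above, added here as an example (it is not part of the original post and is not HijackThis code). The sample lines are copied from the posted log; the function names and the heuristics are assumptions chosen for illustration.

```python
import re
from typing import List, NamedTuple

# Lines copied from the log posted above (an excerpt, not new data).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luck114.com
F3 - REG:win.ini: load=C:\WINDOWS\system\rund1132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rund1132.exe,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: xrkfgusi - xrkfgusi32.dll (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # tag naming the heuristic that matched
    line: str     # the original log line


# "<code> - <body>"; header lines and the process list do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autostart: "<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<where>.+?): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# Program image at the start of a command line, quoted or bare.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|pif|scr|dll))(?=\s|$)', re.I)
# Assumed heuristic: programs do not normally autostart from these folders.
ODD_DIRS = ("\\fonts\\", "\\temp\\")


def image_path(cmd: str) -> str:
    """Return the program part of a command line, without its arguments."""
    m = IMAGE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def triage(log_text: str) -> List[Finding]:
    """Flag autostart entries worth a manual look. A hit is a lead, not a verdict."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()

        if section == "F2" and "userinit=" in body.lower():
            # Userinit is a comma-separated list; anything besides
            # userinit.exe itself also starts at every logon.
            parts = [p.strip() for p in body.split("=", 1)[1].split(",")]
            extra = [p for p in parts
                     if p and not p.lower().endswith("\\system32\\userinit.exe")]
            if extra:
                findings.append(Finding(section, "userinit-extra-program", line))

        if section == "F3" and re.search(r"\b(?:load|run)=\s*\S", body, re.I):
            # A non-empty legacy win.ini load=/run= value is an autostart.
            findings.append(Finding(section, "win.ini-load-run", line))

        if section == "O4":
            m4 = O4_RE.match(body)
            if m4:
                if "policies\\explorer\\run" in m4.group("where").lower():
                    findings.append(Finding(section, "policies-explorer-run", line))
                if any(d in image_path(m4.group("cmd")).lower() for d in ODD_DIRS):
                    findings.append(
                        Finding(section, "autostart-from-odd-directory", line))

        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            if body.split(":", 1)[1].strip():
                findings.append(Finding(section, "appinit-dll", line))

        if body.endswith("(file missing)") or body.endswith("(no file)"):
            # Registration whose target is not on disk (removed or hidden).
            findings.append(Finding(section, "target-missing", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.reason:<30}{f.line}")
```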

123 replies

Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

everything has to be cleaned in one go, otherwise the infection restarts.

But first install an antivirus:

http://www.commentcamarche.net/telecharger/telecharger 55 antivir

and a firewall:

http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

Booddha will give you the tutorials.

============================
Copy or print the instructions beforehand

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KillAll::

Rootkit::
c:\program files\MediaChannel\Navvy 5.2\NavvyUp.exe
c:\windows\system32\msexe.exe
c:\windows\system32\zxexe.exe
c:\windows\system32\kdexe.exe
c:\windows\Fonts\wuauclt.exe
c:\docume~1\CKSAND~1\LOCALS~1\Temp\502514
c:\program files\Internet Explorer\PowerJo.ase
c:\program files\Internet Explorer\PowerJv.ask
c:\windows\system32\odgildpe.dll
c:\windows\system32\ebhpliad.dll
c:\windows\system32\homegdpk.dll
c:\windows\system32\cockgddc.dll
c:\windows\system32\ojdnnlnf.dll
c:\windows\system32\aldoiilk.dll
c:\windows\system32\heifeado.dll
c:\windows\system32\ambiojfn.dll
c:\windows\system32\kdkdfeln.dll
c:\windows\system32\ooaddion.dll
c:\windows\system32\ndaelgfl.dll
c:\windows\system32\ccbficfi.dll
c:\windows\system32\gajdpnec.dll
c:\windows\system32\ikdapmcm.dll
c:\windows\system32\dbfkipbd.dll
c:\windows\system32\ogcmfdaf.dll
c:\windows\system32\lkknkgnk.dll
c:\windows\system32\kffoogac.dll
c:\windows\system32\akolkhck.dll
c:\windows\system32\oojlpcib.dll
c:\windows\system32\eojpchpn.dll
c:\windows\system\rund1132.exe
c:\windows\system32\drivers\pnpmem.sys
c:\windows\winsscoo.exe
c:\windows\system32\drivers\winyyy.sys
c:\windows\system32\drivers\ati4twxx.sys
c:\windows\system32\drivers\ati8quxx.sys
c:\windows\system32\drivers\ethcjxre.sys
c:\windows\fonts\alsk.sys
c:\windows\fonts\naks.sys
c:\windows\system32\dllcache\spoolsv.exe
c:\windows\system32\WanPacket.dll
c:\windows\WinShell.\daemon.exe
c:\windows\smss.exe
c:\windows\Fonts\TIMPIatform.exe
c:\windows\system32\waubfe.exe
c:\program files\bccd.pif
C:\WINDOWSupdate.dll
c:\windows\system32\kdexe.exe
c:\windows\system32\waubfe.exe
c:\windows\winsscoo.exe
c:\windows\system32\drivers\winyyy.sys
c:\windows\system32\1957817A.dll
c:\windows\system32\1957817A.cfg
c:\windows\system32\zxexe.exe
c:\windows\system32\198FF3D8.dll
c:\windows\system32\198FF3D8.cfg
c:\windows\system32\msexe.exe
c:\windows\system32\asdfasdf
c:\windows\system32\registryboosterppcg15.exe
c:\windows\system32\wauafe.exe
c:\windows\system32\dfln.dll
c:\windows\sysinfo.tmp
c:\windows\system32\waunafe.exe
c:\windows\system32\dafln.dll
c:\windows\system32\MSPolicyAgent.dll
c:\windows\system32\types.tmp
c:\windows\system32\waumafe.exe
c:\windows\system32\waulafe.exe
c:\windows\system32\fasadf.dll
c:\windows\system32\somspring.dat
c:\windows\system32\romarshal.dat
c:\windows\system32\drivers\pnpmem.sys
c:\windows\system32\ormsgse.axz
c:\windows\system32\waukafe.exe
c:\windows\system32\flzaitian.dll
c:\windows\system32\exlds.ini
C:\FINE CRUSH LTD.doc
c:\windows\system32\drivers\52438666.txt
c:\program files\cacmchc
c:\program files\Fichiers communs\qybabiqylo.dl
c:\program files\Fichiers communs\vexomigaga._sy
c:\program files\Fichiers communs\vodeqet.ban
c:\documents and settings\All Users\Application Data\288537758
c:\windows\system32\alimoto32.exe
c:\windows\system32\RamrtwC.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
c:\windows\system32\704C3595.dll
c:\windows\system32\704C3595.cfg
c:\windows\system32\16BC0F81.dll
c:\windows\system32\16BC0F81.cfg
c:\windows\tmp.dat
c:\windows\sys.ini
c:\program files\internet explorer\plugins\icwres.dll
c:\windows\system32\aoalmieo.dll
c:\windows\system32\cbndboek.dll
c:\windows\system32\cciieood.dll
c:\windows\system32\cdcgebkf.dll
c:\windows\system32\cpnbliif.dll
c:\windows\system32\dpbfhnfj.dll
c:\windows\system32\feeckhoj.dll
c:\windows\system32\gjdochbi.dll
c:\windows\system32\ipppkhkc.dll
c:\windows\system32\mppblchp.dll
c:\windows\system32\nfbdadcc.dll
c:\windows\system32\npptools.dll
c:\windows\system32\npptools.dll
c:\windows\system32\pahklhok.dll
c:\windows\system32\pfpjhepc.dll
c:\windows\system32\piakdpih.dll
c:\windows\Temp\Perflib_Perfdata_b4.dat
c:\program files\Fichiers communs\PushWare\cpush.dll
c:\windows\Intel\baiduc.dll
c:\program files\Internet Explorer\IETimber\IETimber.dll
c:\windows\system32\dllcache\spoolsv.exe
c:\progra~1\SECURI~1\174112\Program\SERVIC~1.EXE
c:\windows\system32\7f7lMNDh.exe
c:\windows\system32\exlds.ini
c:\docume~1\CKSAND~1\LOCALS~1\temp\sys2A.tmp
c:\windows\Fonts\TIMPIatform.exe
c:\windows\system32\waubfe.exe
c:\windows\system32\waubfe.exe



folder::
C:\DOCUME~1\CKSAND~1\MENUDM~1\PROGRA~1\XP_Antispyware
c:\program files\Fichiers communs\PushWare
c:\program files\cacmchc

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296AB8C6-FB22-4D17-8834-064E2BA0A6F0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5419706F-9AD1-49BB-A91F-EE6B62E2881E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{912F6837-CCB6-424B-BC9C-8BB5541AFB54}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MewBohoMediaPop.PopBoho]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MezzAdPopup.BXLogc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MezzAdPopup.BXLogc.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector.1]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NavvyUp"=-
"msexe.exe"=-
"zxexe.exe"=-
"kdexe.exe"=-
"Á³# L\"h'þ9Óœð3rÅWc:\\Program Files\\ISTsvc\\istsvc.exe"="=-


[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"svchstt"=-
"360safe"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5419706F-9AD1-49BB-A91F-EE6B62E2881E}"=-
"{912F6837-CCB6-424B-BC9C-8BB5541AFB54}"=-
"8D025D9E"=-
"EB1952AD"=-
"186E0D94"=-
"C8C40DDC"=-
"83D7757F"=-
"A5D82254"=-
"1E2FEAD8"=-
"A6B283F7"=-
"4D4DFE57"=-
"88ADD287"=-
"7DAE50F5"=-
"CCBF2CF2"=-
"0A3D97EC"=-
"24DA96C6"=-
"DBF429BD"=-
"80C6FDAF"=-
"54474074"=-
"4FF880AC"=-
"A48541C4"=-
"88359C2B"=-
"{198FF3D8-56F1-466B-A36F-F9C28B43E440}"=-
"{1957817A-94B2-4CAC-B113-A331809B5730}"=-
"{CC22E88D-6A04-4A65-A4B9-0CC0D3AE3014}"=-
"{03D8C1B2-5C21-4784-96C1-00228A85A357}"=-
"{CDC0EB4F-C90A-47A7-B43F-47AC7FFBC413}"=-
"{D9BF17F3-F42E-48E2-B098-A0E2C9013FB3}"=-
"{CB7DB8E4-2C26-4A99-89E8-9339AC260CA4}"=-
"{C97B522F-A373-4954-A638-FC5F755A6161}"=-
"{2999414C-E194-4B03-8486-EEEE03F40EE9}"=-
"{FEEC4183-4715-4F28-891C-077F07231A6B}"=-
"{9F931E9C-F6FB-4918-844E-A6CE25B24792}"=-
"{9A145184-6AA3-43CD-958D-D22A1D9D9333}"=-
"{699B5C19-E0A2-4121-A989-D7A8A1B6B104}"=-
"{A8A562E8-97BC-4E82-BAA2-0F361A9F9EF5}"=-
"{92A4D921-7454-4A8B-A510-93E9AFB53821}"=-
"{7FBDADCC-FC94-46BB-BA54-84BE7CBC5D92}"=-


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"8D025D9E"=-
"EB1952AD"=-
"186E0D94"=-
"C8C40DDC"=-
"83D7757F"=-
"A5D82254"=-
"1E2FEAD8"=-
"A6B283F7"=-
"4D4DFE57"=-
"88ADD287"=-
"7DAE50F5"=-
"CCBF2CF2"=-
"0A3D97EC"=-
"24DA96C6"=-
"DBF429BD"=-
"80C6FDAF"=-
"54474074"=-
"4FF880AC"=-
"A48541C4"=-
"88359C2B"=-
"CC22E88D"=-
"03D8C1B2"=-
"CDC0EB4F"=-
"D9BF17F3"=-
"CB7DB8E4"= -
"C97B522F"= -
"2999414C"=-
"FEEC4183"=-
"9F931E9C"=-
"9A145184"=-
"699B5C19"=-
"A8A562E8"=-
"92A4D921"=-
"7FBDADCC"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]




driver::
pnpmem
WinSSCOM
MyProt
ati4twxx
ati8quxx
ethcjxre
alsk
naks
BackWeb Client
lpdx


Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, keep your finger held down and drag the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Re-enable your firewall, your antivirus and your antispyware's guard

Once the scan is complete, a report will be displayed: post its contents.

Also post a HijackThis report again


If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was made for this computer. Any reuse may severely damage the operating system.
4
Anonymous user
 
ToolBars
MalwaresBytes
SmitfraudFix
Combofix
---------------------- Ignore the lines above

Normally the tool below is run in safe mode.
We will try in normal mode.

===================== COMBOFIX =======================
• Print this procedure or save it with Notepad, because the rest will take place without Internet access.
• Install ComboFix on the desktop
Note:
The download server may be overloaded and return an error page. Keep trying.

• Rename COMBOFIX.EXE to COMBO-FIX.EXE

• Disable the antivirus and antispyware protection only while ComboFix is in use, as these can interfere with ComboFix
• Close all running applications
• Double-click the icon that was installed on the desktop
• If ComboFix offers to install the Windows Recovery Console, accept
• Then press the 1 key, then Enter
• Let ComboFix work without using the machine.
• If ComboFix needs to restart the machine, let it do so; otherwise restart in normal mode.
• Copy/paste the report generated in Notepad into your next message
(This file is automatically generated and saved as C:\Combofix.txt)

NB: ComboFix never takes more than 20 minutes, reboot included, to run if malware is detected.
If the case arises, open Task Manager (press the Ctrl, Alt and Del keys at the same time)
and kill the findstr, find, sed or swreg processes so that ComboFix can continue.
If this happens, say so and give the names of the processes that were killed.

2
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

Download Toolbar-S&D (Team IDN) to your Desktop:

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the installation of the program by running the downloaded file.
* Now double-click on the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option "2", then confirm by pressing "Enter".
! Do not close the window during the removal!
A report will be generated; post its contents here.

===========

Run HijackThis again.

Choose Do a scan only

Tick the box in front of the following lines

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.6700.cn?tn=1027251
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {912F6837-CCB6-424B-BC9C-8BB5541AFB54} - C:\Program Files\Internet Explorer\PowerJv.ask (file missing)
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [msexe.exe] C:\WINDOWS\system32\msexe.exe
O4 - HKLM\..\Run: [zxexe.exe] C:\WINDOWS\system32\zxexe.exe
O4 - HKLM\..\Run: [UUSEE] "C:\Program Files\Fichiers communs\uusee\UUSeeMediaCenter.exe"
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [stup] C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\3010780
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ʹÓÃUUSee¼ÓËÙ²¥·Å - C:\Program Files\uusee\geturltoplay.htm
O8 - Extra context menu item: ʹÓÃUUSeeÏÂÔØ - C:\Program Files\uusee\geturltodown.htm
O9 - Extra button: ºÜ¿ìÊÓÆµËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra 'Tools' menuitem: ºÜ¿ìÊÓÆµËÑË÷ - {998A88A0-A355-809B-831C-B83A80000991} - http://www.henkuai.com/?from=iebannel (file missing)
O9 - Extra button: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O9 - Extra 'Tools' menuitem: Æô¶¯UUSee ÍøÂçµçÊÓ - {998A88A0-A355-809B-831C-B83A80000992} - C:\Program Files\uusee\UUSeePlayer.exe
O20 - AppInit_DLLs: hbfbmhof.dll
O21 - SSODL: B3DDF3DF - {B3DDF3DF-0A05-4BE9-B37D-7021BD501C7A} - C:\WINDOWS\system32\bjddfjdf.dll (file missing)
O21 - SSODL: A9386267 - {A9386267-1CF0-48EC-9DBA-412A44C76334} - C:\WINDOWS\system32\apjomimn.dll (file missing)
O21 - SSODL: 9B8978FE - {9B8978FE-5B0E-476D-8F15-3FB5119A42F3} - C:\WINDOWS\system32\pbopnofe.dll (file missing)
O21 - SSODL: FE494031 - {FE494031-756B-4865-99B4-4DE92DDCF609} - C:\WINDOWS\system32\fekpkgjh.dll (file missing)
O21 - SSODL: 46184B86 - {46184B86-19FF-4A37-9167-4C538027CEBC} - C:\WINDOWS\system32\kmhokbom.dll (file missing)
O21 - SSODL: AC9A4670 - {AC9A4670-B0B6-4EC7-B6A5-B29FA3530420} - C:\WINDOWS\system32\acpakmng.dll (file missing)
O21 - SSODL: 9B3DC09A - {9B3DC09A-2613-4613-96F8-F8E305BFF825} - C:\WINDOWS\system32\pbjdcgpa.dll (file missing)
O21 - SSODL: C13945CA - {C13945CA-D00B-4474-B105-3838809607EA} - C:\WINDOWS\system32\chjpklca.dll (file missing)
O21 - SSODL: 1BFB618F - {1BFB618F-82C7-45DE-A0B9-F76FACE92F32} - C:\WINDOWS\system32\hbfbmhof.dll
O21 - SSODL: 22EC45F3 - {22EC45F3-1651-409E-8273-6D80E39B4549} - C:\WINDOWS\system32\iiecklfj.dll (file missing)
O21 - SSODL: 391597A0 - {391597A0-67FF-4D4F-9AFF-8471E5D0D3C9} - C:\WINDOWS\system32\jphlpnag.dll (file missing)
O21 - SSODL: BA9620A6 - {BA9620A6-68E8-492D-9B28-7B7416F69673} - C:\WINDOWS\system32\bapmigam.dll (file missing)
O21 - SSODL: 04D3233B - {04D3233B-EC1F-44B3-BBE4-9D76438EEC1E} - C:\WINDOWS\system32\gkdjijjb.dll (file missing)
O21 - SSODL: 51E74159 - {51E74159-54A6-4355-A78F-55998328FC07} - C:\WINDOWS\system32\lhenkhlp.dll (file missing)


Close all windows (except HijackThis), including your browser.

Click on fix checked.

Close HijackThis.

=================================

============================
Copy or print the instructions beforehand

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time protection of the antispyware)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KillAll::

Rootkit::
c:\program files\MediaChannel\Navvy 5.2\NavvyUp.exe
c:\windows\system32\msexe.exe
c:\windows\system32\zxexe.exe
c:\windows\system32\kdexe.exe
c:\windows\Fonts\wuauclt.exe
c:\docume~1\CKSAND~1\LOCALS~1\Temp\502514
c:\program files\Internet Explorer\PowerJo.ase
c:\program files\Internet Explorer\PowerJv.ask
c:\windows\system32\odgildpe.dll
c:\windows\system32\ebhpliad.dll
c:\windows\system32\homegdpk.dll
c:\windows\system32\cockgddc.dll
c:\windows\system32\ojdnnlnf.dll
c:\windows\system32\aldoiilk.dll
c:\windows\system32\heifeado.dll
c:\windows\system32\ambiojfn.dll
c:\windows\system32\kdkdfeln.dll
c:\windows\system32\ooaddion.dll
c:\windows\system32\ndaelgfl.dll
c:\windows\system32\ccbficfi.dll
c:\windows\system32\gajdpnec.dll
c:\windows\system32\ikdapmcm.dll
c:\windows\system32\dbfkipbd.dll
c:\windows\system32\ogcmfdaf.dll
c:\windows\system32\lkknkgnk.dll
c:\windows\system32\kffoogac.dll
c:\windows\system32\akolkhck.dll
c:\windows\system32\oojlpcib.dll
c:\windows\system32\eojpchpn.dll
c:\windows\system\rund1132.exe
c:\windows\system32\drivers\pnpmem.sys
c:\windows\winsscoo.exe
c:\windows\system32\drivers\winyyy.sys
c:\windows\system32\drivers\ati4twxx.sys
c:\windows\system32\drivers\ati8quxx.sys
c:\windows\system32\drivers\ethcjxre.sys
c:\windows\fonts\alsk.sys
c:\windows\fonts\naks.sys
c:\windows\system32\dllcache\spoolsv.exe
c:\windows\system32\WanPacket.dll
c:\windows\WinShell.\daemon.exe
c:\windows\smss.exe
c:\windows\Fonts\TIMPIatform.exe
c:\windows\system32\waubfe.exe
c:\program files\bccd.pif
C:\WINDOWSupdate.dll
c:\windows\system32\kdexe.exe
c:\windows\system32\waubfe.exe
c:\windows\winsscoo.exe
c:\windows\system32\drivers\winyyy.sys
c:\windows\system32\1957817A.dll
c:\windows\system32\1957817A.cfg
c:\windows\system32\zxexe.exe
c:\windows\system32\198FF3D8.dll
c:\windows\system32\198FF3D8.cfg
c:\windows\system32\msexe.exe
c:\windows\system32\asdfasdf
c:\windows\system32\registryboosterppcg15.exe
c:\windows\system32\wauafe.exe
c:\windows\system32\dfln.dll
c:\windows\sysinfo.tmp
c:\windows\system32\waunafe.exe
c:\windows\system32\dafln.dll
c:\windows\system32\MSPolicyAgent.dll
c:\windows\system32\types.tmp
c:\windows\system32\waumafe.exe
c:\windows\system32\waulafe.exe
c:\windows\system32\fasadf.dll
c:\windows\system32\somspring.dat
c:\windows\system32\romarshal.dat
c:\windows\system32\drivers\pnpmem.sys
c:\windows\system32\ormsgse.axz
c:\windows\system32\waukafe.exe
c:\windows\system32\flzaitian.dll
c:\windows\system32\exlds.ini
C:\FINE CRUSH LTD.doc
c:\windows\system32\drivers\52438666.txt
c:\program files\cacmchc
c:\program files\Fichiers communs\qybabiqylo.dl
c:\program files\Fichiers communs\vexomigaga._sy
c:\program files\Fichiers communs\vodeqet.ban
c:\documents and settings\All Users\Application Data\288537758
c:\windows\system32\alimoto32.exe
c:\windows\system32\RamrtwC.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
c:\windows\system32\704C3595.dll
c:\windows\system32\704C3595.cfg
c:\windows\system32\16BC0F81.dll
c:\windows\system32\16BC0F81.cfg
c:\windows\tmp.dat
c:\windows\sys.ini
c:\program files\internet explorer\plugins\icwres.dll
c:\windows\system32\aoalmieo.dll
c:\windows\system32\cbndboek.dll
c:\windows\system32\cciieood.dll
c:\windows\system32\cdcgebkf.dll
c:\windows\system32\cpnbliif.dll
c:\windows\system32\dpbfhnfj.dll
c:\windows\system32\feeckhoj.dll
c:\windows\system32\gjdochbi.dll
c:\windows\system32\ipppkhkc.dll
c:\windows\system32\mppblchp.dll
c:\windows\system32\nfbdadcc.dll
c:\windows\system32\npptools.dll
c:\windows\system32\npptools.dll
c:\windows\system32\pahklhok.dll
c:\windows\system32\pfpjhepc.dll
c:\windows\system32\piakdpih.dll
c:\windows\Temp\Perflib_Perfdata_b4.dat
c:\program files\Fichiers communs\PushWare\cpush.dll
c:\windows\Intel\baiduc.dll
c:\program files\Internet Explorer\IETimber\IETimber.dll
c:\windows\system32\dllcache\spoolsv.exe
c:\progra~1\SECURI~1\174112\Program\SERVIC~1.EXE
c:\windows\system32\7f7lMNDh.exe
c:\windows\system32\exlds.ini
c:\docume~1\CKSAND~1\LOCALS~1\temp\sys2A.tmp
c:\windows\Fonts\TIMPIatform.exe
c:\windows\system32\waubfe.exe
c:\windows\system32\waubfe.exe
c:\windows\system32\hbfbmhof.dll
c:\windows\system32\drivers\jme.sys
E:\CC.PIF
c:\windows\WinShell..\daemon.exe
%Windir%\winsscoo.exe
c:\windows\smss.exe.vzr
c:\windows\system32\ormsgse.axz
c:\windows\winsscoo.exe.vzr
c:\windows\system32\1957817A.dll.vzr
c:\windows\system32\704C3595.dll.vzr
c:\windows\system32\4FBFD5A4.dll.vzr
c:\windows\system32\16BC0F81.dll.vzr
c:\windows\system32\16AF66EB.dll.vzr
c:\windows\system32\F65BDEC7.dll.vzr
c:\windows\system32\72B29486.cfg




folder::
C:\DOCUME~1\CKSAND~1\MENUDM~1\PROGRA~1\XP_Antispyware
c:\program files\Fichiers communs\PushWare
c:\program files\cacmchc

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296AB8C6-FB22-4D17-8834-064E2BA0A6F0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5419706F-9AD1-49BB-A91F-EE6B62E2881E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{912F6837-CCB6-424B-BC9C-8BB5541AFB54}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MewBohoMediaPop.PopBoho]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MezzAdPopup.BXLogc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MezzAdPopup.BXLogc.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector.1]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINSSCOM]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSSCOM]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINSSCOM]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSSCOM]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NavvyUp"=-
"msexe.exe"=-
"zxexe.exe"=-
"kdexe.exe"=-
"Á³# L\"h'þ9Óœð3rÅWc:\\Program Files\\ISTsvc\\istsvc.exe"="=-


[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"svchstt"=-
"360safe"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5419706F-9AD1-49BB-A91F-EE6B62E2881E}"=-
"{912F6837-CCB6-424B-BC9C-8BB5541AFB54}"=-
"8D025D9E"=-
"EB1952AD"=-
"186E0D94"=-
"C8C40DDC"=-
"83D7757F"=-
"A5D82254"=-
"1E2FEAD8"=-
"A6B283F7"=-
"4D4DFE57"=-
"88ADD287"=-
"7DAE50F5"=-
"CCBF2CF2"=-
"0A3D97EC"=-
"24DA96C6"=-
"DBF429BD"=-
"80C6FDAF"=-
"54474074"=-
"4FF880AC"=-
"A48541C4"=-
"88359C2B"=-
"{198FF3D8-56F1-466B-A36F-F9C28B43E440}"=-
"{1957817A-94B2-4CAC-B113-A331809B5730}"=-
"{CC22E88D-6A04-4A65-A4B9-0CC0D3AE3014}"=-
"{03D8C1B2-5C21-4784-96C1-00228A85A357}"=-
"{CDC0EB4F-C90A-47A7-B43F-47AC7FFBC413}"=-
"{D9BF17F3-F42E-48E2-B098-A0E2C9013FB3}"=-
"{CB7DB8E4-2C26-4A99-89E8-9339AC260CA4}"=-
"{C97B522F-A373-4954-A638-FC5F755A6161}"=-
"{2999414C-E194-4B03-8486-EEEE03F40EE9}"=-
"{FEEC4183-4715-4F28-891C-077F07231A6B}"=-
"{9F931E9C-F6FB-4918-844E-A6CE25B24792}"=-
"{9A145184-6AA3-43CD-958D-D22A1D9D9333}"=-
"{699B5C19-E0A2-4121-A989-D7A8A1B6B104}"=-
"{A8A562E8-97BC-4E82-BAA2-0F361A9F9EF5}"=-
"{92A4D921-7454-4A8B-A510-93E9AFB53821}"=-
"{7FBDADCC-FC94-46BB-BA54-84BE7CBC5D92}"=-
"{1BFB618F-82C7-45DE-A0B9-F76FACE92F32}"=-


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"8D025D9E"=-
"EB1952AD"=-
"186E0D94"=-
"C8C40DDC"=-
"83D7757F"=-
"A5D82254"=-
"1E2FEAD8"=-
"A6B283F7"=-
"4D4DFE57"=-
"88ADD287"=-
"7DAE50F5"=-
"CCBF2CF2"=-
"0A3D97EC"=-
"24DA96C6"=-
"DBF429BD"=-
"80C6FDAF"=-
"54474074"=-
"4FF880AC"=-
"A48541C4"=-
"88359C2B"=-
"CC22E88D"=-
"03D8C1B2"=-
"CDC0EB4F"=-
"D9BF17F3"=-
"CB7DB8E4"=-
"C97B522F"=-
"2999414C"=-
"FEEC4183"=-
"9F931E9C"=-
"9A145184"=-
"699B5C19"=-
"A8A562E8"=-
"92A4D921"=-
"7FBDADCC"=-
"1BFB618F"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,"

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-
"AppInit_DLLs"=""


[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c984ab7c-e6f0-11dd-8d9e-00142a50775a}] => Ligne non traitée



driver::
pnpmem
WinSSCOM
MyProt
ati4twxx
ati8quxx
ethcjxre
alsk
naks
BackWeb Client
lpdx
rnieys



Save this file under the name CFscript

Plug in your USB key (E:\)


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, hold the button down and move the mouse so that the CFscript icon covers the ComboFix icon. Release the mouse. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Re-enable your firewall, your antivirus and your antispyware's real-time protection

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report


If the file does not open, it is located here > C:\ComboFix.txt

Warning: this procedure was written for this computer. Any reuse may severely damage the operating system.
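
The kinds of HijackThis lines ticked in the post above (registrations whose file is absent, autostarts from Temp or Fonts, a non-empty AppInit_DLLs) can be pre-sorted automatically before a human reviews them. The following Python is an added example, not part of the original post or of HijackThis; the sample log, the `parse_entries` and `triage` names and the rule set are assumptions made for illustration, and the rules only prioritise lines for review.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2 log format. Every name, CLSID and URL
# below is a placeholder; none of these lines comes from the thread's log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example.invalid/
R3 - URLSearchHook: (no name) - _{00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updater] C:\DOCUME~1\USER\LOCALS~1\Temp\123456
O4 - HKLM\..\Policies\Explorer\Run: [svc] C:\WINDOWS\Fonts\example.exe
O20 - AppInit_DLLs: example.dll
O21 - SSODL: 0000AAAA - {00000000-0000-0000-0000-000000000003} - C:\WINDOWS\system32\example.dll (file missing)
"""

# One log entry: a section code (R0, O4, O21, ...) followed by " - " and the details.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
FONTS_BINARY_RE = re.compile(r"\\fonts\\[^\\]+\.(?:exe|dll|sys)\b", re.IGNORECASE)


@dataclass
class Finding:
    code: str
    body: str
    reasons: list = field(default_factory=list)


def parse_entries(log_text):
    """Return (code, body) for each entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def _appinit_not_empty(code, body):
    # O20 lists AppInit_DLLs, which Windows loads into every process that loads user32.dll.
    if code != "O20" or not body.lower().startswith("appinit_dlls:"):
        return False
    return body.split(":", 1)[1].strip() != ""


# Assumed review heuristics, modelled on the lines selected in the post above.
RULES = [
    ("target file absent",
     lambda code, body: body.lower().endswith(("(no file)", "(file missing)"))),
    ("runs from a Temp directory",
     lambda code, body: "\\temp\\" in body.lower()),
    ("executable in the Fonts folder",
     lambda code, body: FONTS_BINARY_RE.search(body) is not None),
    ("Policies\\Explorer\\Run autostart",
     lambda code, body: code == "O4" and "\\policies\\explorer\\run:" in body.lower()),
    ("AppInit_DLLs is not empty", _appinit_not_empty),
]


def triage(log_text):
    """Return a Finding for every entry that matches at least one rule, in log order."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = [name for name, rule in RULES if rule(code, body)]
        if reasons:
            findings.append(Finding(code, body, reasons))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item.code}: {item.body}")
        for reason in item.reasons:
            print(f"    review: {reason}")
```
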
2
Anonymous user
 
Hello,

Yes, I saw it

Regarding HijackThis, I read this

C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temporary Internet Files\Content.IE5\3J3A4KDM\HiJackThis[1].exe

It should be in a folder Program Files > Trend Micro > Hijackthis.

If you let it install by itself, that is what it will do. Installing it elsewhere could hide infections from it, so yes, you need to uninstall the current one and reinstall it with its default installation options (put simply, click OK on whatever it proposes).

While Toolbar did a good job, it did not do the whole job; the tools are specialised to thoroughly eradicate certain infections but not all of them, so several tools have to be run for a complete decontamination.

=================== SMITFRAUDFIX ======================

Download SmitfraudFix (by S!ri)


Step 1: Search

• Put the previously downloaded SmitfraudFix.exe file on the Windows Desktop.
• Double-click on SmitfraudFix.exe to launch the tool.
• After the menu is displayed, type 1 then press Enter to search for the files responsible for the infection.
• Copy/paste the report, found at the root of the system partition (usually C: ) in the file rapport.txt, into the next message
• Wait for the next steps

Notes:
1/ You must allow the whole Visual Basic script (vbs file) to run, a
single time, if your antivirus raises an alert (no interruption).
2/ process.exe is detected by some antivirus products as a RiskTool. It is not a virus,
but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software
(antivirus, firewall...), hence the alert raised by these antivirus products. Official site
3/ Under Vista, run it with administrator rights if there is a problem.
1
ROSALLY Posts 80 Status Member
 
below is the SmitfraudFix report


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system\rund1132.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\WINDOWS\Fonts\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\System.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MediaChannel\Navvy 5.2\NavvyMan.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\122863
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\415976
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\531060
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\2403628
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
0
ROSALLY Posts 80 Status Member
 
I can't manage to launch Hijackthis even though I followed your instructions

it is in the right place: Program Files > Trend Micro > Hijackthis.
impossible to launch!!!!!
0
ROSALLY Posts 80 Status Member
 
FINALLY the Hijackthis report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:29, on 21/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\rund1132.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\WINDOWS\Fonts\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\System.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MediaChannel\Navvy 5.2\NavvyMan.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\113254
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\392273
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\498372
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temporary Internet Files\Content.IE5\3J3A4KDM\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luck114.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system\rund1132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rund1132.exe,
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: (no name) - {5419706F-9AD1-49BB-A91F-EE6B62E2881E} - C:\Program Files\Internet Explorer\PowerJo.ase
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [OaZeC] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Á³#  L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Yhyjczvn] C:\Program Files\Xkljec\Bsnub.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NavvyUp] C:\Program Files\MediaChannel\Navvy 5.2\NavvyUp.exe
O4 - HKLM\..\Run: [msexe.exe] C:\WINDOWS\system32\msexe.exe
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKLM\..\Run: [zxexe.exe] C:\WINDOWS\system32\zxexe.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [cmdhlpadm] C:\WINDOWS\system32\vkvadezy.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKLM\..\Policies\Explorer\Run: [Alcmtr] anymie360.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchstt] C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\498372
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: HBmhly.dll,nddkeikh.dll,bmnifpfp.dll,odgildpe.dll,ipfiecga.dll,ebhpliad.dll,nhicnlja.dll,klkonadp.dll,apbnhelo.dll,faemfooe.dll,kbpogjjd.dll,daojjceg.dll,mlplbhko.dll,nanpmono.dll,hmfbmbop.dll,kalcdmjk.dll,lijloklj.dll,coljmbkd.dll,fojhekcb.dll
O20 - Winlogon Notify: xrkfgusi - xrkfgusi32.dll (file missing)
O21 - SSODL: 29F2EC0A - {29F2EC0A-A2F9-42DB-8FC7-504651A4C124} - C:\WINDOWS\system32\ipfiecga.dll
O21 - SSODL: 8D025D9E - {8D025D9E-A5AC-49DB-968D-1F2A3C030840} - C:\WINDOWS\system32\odgildpe.dll
O21 - SSODL: EB1952AD - {EB1952AD-75E8-4E4E-B626-2C415DA35709} - C:\WINDOWS\system32\ebhpliad.dll
O21 - SSODL: 712C753A - {712C753A-D792-4C03-AED2-85EB71627FE0} - C:\WINDOWS\system32\nhicnlja.dll
O21 - SSODL: 7DD4E241 - {7DD4E241-8EB1-4070-BE01-76BE01F15FE7} - C:\WINDOWS\system32\nddkeikh.dll
O21 - SSODL: B672F9F9 - {B672F9F9-4741-497A-8EC9-22A24EB7D009} - C:\WINDOWS\system32\bmnifpfp.dll
O21 - SSODL: 45487AD9 - {45487AD9-22B8-4784-BD29-57E9CFB593A8} - C:\WINDOWS\system32\klkonadp.dll
O21 - SSODL: A9B71E58 - {A9B71E58-C390-4279-80F9-AFED2D6A2EC9} - C:\WINDOWS\system32\apbnhelo.dll
O21 - SSODL: FAE6F88E - {FAE6F88E-5143-4010-9617-E1D9A665D959} - C:\WINDOWS\system32\faemfooe.dll
O21 - SSODL: 4B98033D - {4B98033D-9AEE-40FC-B6F4-36E14BFC3949} - C:\WINDOWS\system32\kbpogjjd.dll
O21 - SSODL: DA833CE0 - {DA833CE0-AFD0-402E-A97D-68323E06632B} - C:\WINDOWS\system32\daojjceg.dll
O21 - SSODL: 6595B148 - {6595B148-5863-4A03-88E1-46C55F613F65} - C:\WINDOWS\system32\mlplbhko.dll
O21 - SSODL: 7A796878 - {7A796878-8201-4AE6-981B-E6762540BF5D} - C:\WINDOWS\system32\nanpmono.dll
O21 - SSODL: 16FB6B89 - {16FB6B89-7DE9-4D19-B774-F915E6229F79} - C:\WINDOWS\system32\hmfbmbop.dll
O21 - SSODL: 4A5CD634 - {4A5CD634-6301-48B6-B1CA-64685713DFB3} - C:\WINDOWS\system32\kalcdmjk.dll
O21 - SSODL: 52358453 - {52358453-D84D-43B7-A62A-DB1989BAD6B1} - C:\WINDOWS\system32\lijloklj.dll
O21 - SSODL: C8536B4D - {C8536B4D-D36B-43CA-89D5-EDC2CA8EDE5C} - C:\WINDOWS\system32\coljmbkd.dll
O21 - SSODL: F831E4CB - {F831E4CB-52A5-415B-8131-0CA0478C80BB} - C:\WINDOWS\system32\fojhekcb.dll
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
0

Anonymous user
 
OK, there may be a problem.

Reinstall it as before.

What is the report above, because it isn't complete?
1
ROSALLY Posts 80 Status Member
 
did you see the SmitFraudFix report?
there is a problem, a delay between the posting of messages and their display on the site
thanks
0
Anonymous user
 
You are reinfecting yourself every time

do this

===================== Hosts file =====================
Restoring the Hosts file

. Download RHosts
. Install it and run the program.
1
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Hello,

Open this link:

http://telechargement.zebulon.fr/zeb-restore.html

and carry out all the steps.

Relaunch HijackThis.

Choose Do a scan only

Check the box in front of the following lines

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://07129.com
O1 - Hosts: 127.0.0.2 ymsdasdw1.cn
O1 - Hosts: 127.0.0.3 h96b.info
O1 - Hosts: 127.0.0.0 fuck.zttwp.cn
O1 - Hosts: 127.0.0.0 www.hackerbf.cn
O1 - Hosts: 127.0.0.0 zzz.2008wyt.net
O1 - Hosts: 127.1.1.1 999.2005wyt.com
O1 - Hosts: 127.1.1.1 219.152.120.240
O1 - Hosts: 127.0.0.0 ww.popdm.cn
O1 - Hosts: 127.1.1.1 bbt.etimes888.com
O1 - Hosts: 127.1.1.1 219.147.13.53
O1 - Hosts: 127.1.1.1 dl.360safe.com
O1 - Hosts: 127.1.1.1 www.sunlight.org.cn
O1 - Hosts: 127.1.1.1 w.wonthe.cn
O1 - Hosts: 127.1.1.1 20068080.cn
O1 - Hosts: 127.1.1.1 l.neter888.cn
O1 - Hosts: 127.1.1.1 stat.untang.com
O1 - Hosts: 127.1.1.1 www.ikdy.cn
O1 - Hosts: 127.0.0.0 geekbyfeng.cn
O1 - Hosts: 127.0.0.0 121.14.101.68
O1 - Hosts: 127.0.0.0 ppp.etimes888.com
O1 - Hosts: 127.0.0.0 www.bypk.com
O1 - Hosts: 127.0.0.0 CSC3-2004-crl.verisign.com
O1 - Hosts: 127.0.0.0 udp.hjob123.com
O1 - Hosts: 127.1.1.1 999.hfdy2828.com
O1 - Hosts: 127.1.1.1 www.hfdy2929.com
O1 - Hosts: 127.1.1.1 www.xiazaide1.cn
O1 - Hosts: 127.1.1.1 www.vuf51579.cn
O1 - Hosts: 127.1.1.1 wm.eo2q.cn
O1 - Hosts: 127.1.1.1 d.www-263.com
O1 - Hosts: 127.1.1.1 www.ssy1688.cn
O1 - Hosts: 127.1.1.1 121.12.173.218
O1 - Hosts: 127.1.1.1 qq.18i16.net
O1 - Hosts: 127.1.1.1 a.baidu-6661.com
O1 - Hosts: 127.1.1.1 www.vuf51579.cn
O1 - Hosts: 127.1.1.1 www.1079223105.cn
O1 - Hosts: 127.1.1.1 home.xzx6.cn
O1 - Hosts: 127.1.1.1 top.fgc3.cn
O1 - Hosts: 127.1.1.1 165.246.44.228
O1 - Hosts: 127.1.1.1 wwww.ttfafa.com
O1 - Hosts: 127.1.1.1 pa.tt-09.com
O1 - Hosts: 127.0.0.2 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 www.gamehacker.com.cn
O1 - Hosts: 127.0.0.0 gamehacker.com.cn
O1 - Hosts: 127.1.1.1 www.cctv-100008.cn
O1 - Hosts: 127.1.1.1 222.73.208.141
O1 - Hosts: 127.0.0.3 adlaji.cn
O1 - Hosts: 127.1.1.1 aiyyw.com
O1 - Hosts: 127.1.1.1 bnasnd83nd.cn
O1 - Hosts: 127.0.0.0 user1.12-27.net
O1 - Hosts: 127.0.0.0 fengent.cn
O1 - Hosts: 127.0.0.0 www.sony888.cn
O1 - Hosts: 127.0.0.0 user1.asp-33.cn
O1 - Hosts: 127.0.0.0 www.netkwek.cn
O1 - Hosts: 127.0.0.0 ymsdkad6.cn
O1 - Hosts: 127.0.0.0 www.lkwueir.cn
O1 - Hosts: 127.0.1.1 user1.23-17.net
O1 - Hosts: 127.0.0.0 upa.luzhiai.net
O1 - Hosts: 127.0.0.0 www.guccia.net
O1 - Hosts: 127.0.0.0 4m9mnlmi.cn
O1 - Hosts: 127.0.0.0 mm119mkssd.cn
O1 - Hosts: 127.0.0.0 61.128.171.115:8080
O1 - Hosts: 127.0.0.0 www.1119111.com
O1 - Hosts: 127.0.0.0 win.nihao69.cn
O1 - Hosts: 127.0.0.0 puc.lianxiac.net
O1 - Hosts: 127.0.0.0 pud.lianxiac.net
O1 - Hosts: 127.0.0.0 210.76.0.133
O1 - Hosts: 127.0.0.0 61.166.32.2
O1 - Hosts: 127.0.0.0 218.92.186.27
O1 - Hosts: 127.0.0.0 www.fsfsfag.cn
O1 - Hosts: 127.0.0.0 ovo.ovovov.cn
O1 - Hosts: 127.0.0.0 dw.com.com
O1 - Hosts: 127.0.0.0 t.myblank.cn
O1 - Hosts: 127.0.0.0 x.myblank.cn
O1 - Hosts: 127.0.0.0 qq-xing.com.cn
O1 - Hosts: 127.0.0.0 59.125.231.177:17777
O1 - Hosts: 222.189.238.6 biz5c.sandai.net
O1 - Hosts: 222.189.238.6 recommend.xunlei.com
O1 - Hosts: 222.189.238.6 news.51uc.com
O1 - Hosts: 222.189.238.6 chat.sina.com.cn
O1 - Hosts: 222.189.238.6 hallcenter.ourgame.com
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [msexe.exe] C:\WINDOWS\system32\msexe.exe

O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


O20 - AppInit_DLLs: fdgdbfpe.dll,eljmkpai.dll,hojolkkm.dll,kfbbconb.dll,ppblkjjp.dll,pcmpmfid.dll,gddhbneo.dll,pjhimbeh.dll,hkdhmobo.dll,oacmhclb.dll,ohlaaeam.dll,obpghmoi.dll
O21 - SSODL: 4FBBC87B - {4FBBC87B-C53B-460A-BDC8-65E85BDEDA48} - C:\WINDOWS\system32\kfbbconb.dll
O21 - SSODL: 18385446 - {18385446-70ED-4AC2-B0C5-70BB0D26A3DF} - C:\WINDOWS\system32\hojolkkm.dll
O21 - SSODL: FD0DBF9E - {FD0DBF9E-7000-438E-B9E5-0C8C4F0732D5} - C:\WINDOWS\system32\fdgdbfpe.dll
O21 - SSODL: E53649A2 - {E53649A2-CB52-47DD-9C51-02B35F8F9DFE} - C:\WINDOWS\system32\eljmkpai.dll
O21 - SSODL: 99B54339 - {99B54339-0B20-4C87-B238-379CB58ADFF9} - C:\WINDOWS\system32\ppblkjjp.dll
O21 - SSODL: 9C696F2D - {9C696F2D-465C-48CB-B406-0517E00C2005} - C:\WINDOWS\system32\pcmpmfid.dll
O21 - SSODL: 0DD1B7E8 - {0DD1B7E8-CDBA-4672-A720-22536AED2EB7} - C:\WINDOWS\system32\gddhbneo.dll
O21 - SSODL: 93126BE1 - {93126BE1-B668-436C-9ABD-494BD8B5D113} - C:\WINDOWS\system32\pjhimbeh.dll
O21 - SSODL: 14D168B8 - {14D168B8-9D3D-43EF-81B1-B0C05EA800C9} - C:\WINDOWS\system32\hkdhmobo.dll
O21 - SSODL: 8AC61C5B - {8AC61C5B-2B8B-45C3-9762-F855B06DA270} - C:\WINDOWS\system32\oacmhclb.dll
O21 - SSODL: 815AAEA6 - {815AAEA6-0D7A-4FF5-87EA-5803B20C45D4} - C:\WINDOWS\system32\ohlaaeam.dll
O21 - SSODL: 8B901682 - {8B901682-8CC1-4406-95DD-A2C7DE66099B} - C:\WINDOWS\system32\obpghmoi.dll

Close all windows (except HijackThis), including your browser.

Click on fix checked.

Close HijackThis.

=================================

============================
Copy or print the instructions beforehand

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware)


Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

KillAll::

Rootkit::
c:\windows\system32\msexe.exe
c:\windows\system32\zxexe.exe
c:\windows\system32\kdexe.exe
c:\windows\Fonts\wuauclt.exe
c:\docume~1\CKSAND~1\LOCALS~1\Temp\502514
c:\program files\Internet Explorer\PowerJo.ase
c:\program files\Internet Explorer\PowerJv.ask
c:\windows\system32\odgildpe.dll
c:\windows\system32\ebhpliad.dll
c:\windows\system32\homegdpk.dll
c:\windows\system32\cockgddc.dll
c:\windows\system32\ojdnnlnf.dll
c:\windows\system32\aldoiilk.dll
c:\windows\system32\heifeado.dll
c:\windows\system32\ambiojfn.dll
c:\windows\system32\kdkdfeln.dll
c:\windows\system32\ooaddion.dll
c:\windows\system32\ndaelgfl.dll
c:\windows\system32\ccbficfi.dll
c:\windows\system32\gajdpnec.dll
c:\windows\system32\ikdapmcm.dll
c:\windows\system32\dbfkipbd.dll
c:\windows\system32\ogcmfdaf.dll
c:\windows\system32\lkknkgnk.dll
c:\windows\system32\kffoogac.dll
c:\windows\system32\akolkhck.dll
c:\windows\system32\oojlpcib.dll
c:\windows\system32\eojpchpn.dll
c:\windows\system\rund1132.exe
c:\windows\system32\drivers\pnpmem.sys
c:\windows\winsscoo.exe
c:\windows\system32\drivers\winyyy.sys
c:\windows\system32\drivers\ati4twxx.sys
c:\windows\system32\drivers\ati8quxx.sys
c:\windows\system32\drivers\ethcjxre.sys
c:\windows\fonts\alsk.sys
c:\windows\fonts\naks.sys
c:\windows\system32\dllcache\spoolsv.exe
c:\windows\system32\WanPacket.dll
c:\windows\WinShell.\daemon.exe
c:\windows\smss.exe
c:\windows\Fonts\TIMPIatform.exe
c:\windows\system32\waubfe.exe
c:\program files\bccd.pif
C:\WINDOWSupdate.dll
c:\windows\system32\kdexe.exe
c:\windows\system32\waubfe.exe
c:\windows\winsscoo.exe
c:\windows\system32\drivers\winyyy.sys
c:\windows\system32\1957817A.dll
c:\windows\system32\1957817A.cfg
c:\windows\system32\zxexe.exe
c:\windows\system32\198FF3D8.dll
c:\windows\system32\198FF3D8.cfg
c:\windows\system32\msexe.exe
c:\windows\system32\asdfasdf
c:\windows\system32\registryboosterppcg15.exe
c:\windows\system32\wauafe.exe
c:\windows\system32\dfln.dll
c:\windows\sysinfo.tmp
c:\windows\system32\waunafe.exe
c:\windows\system32\dafln.dll
c:\windows\system32\MSPolicyAgent.dll
c:\windows\system32\types.tmp
c:\windows\system32\waumafe.exe
c:\windows\system32\waulafe.exe
c:\windows\system32\fasadf.dll
c:\windows\system32\somspring.dat
c:\windows\system32\romarshal.dat
c:\windows\system32\drivers\pnpmem.sys
c:\windows\system32\ormsgse.axz
c:\windows\system32\waukafe.exe
c:\windows\system32\flzaitian.dll
c:\windows\system32\exlds.ini
C:\FINE CRUSH LTD.doc
c:\windows\system32\drivers\52438666.txt
c:\program files\cacmchc
c:\program files\Fichiers communs\qybabiqylo.dl
c:\program files\Fichiers communs\vexomigaga._sy
c:\program files\Fichiers communs\vodeqet.ban
c:\documents and settings\All Users\Application Data\288537758
c:\windows\system32\alimoto32.exe
c:\windows\system32\RamrtwC.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
c:\windows\system32\704C3595.dll
c:\windows\system32\704C3595.cfg
c:\windows\system32\16BC0F81.dll
c:\windows\system32\16BC0F81.cfg
c:\windows\tmp.dat
c:\windows\sys.ini
c:\program files\internet explorer\plugins\icwres.dll
c:\windows\system32\aoalmieo.dll
c:\windows\system32\cbndboek.dll
c:\windows\system32\cciieood.dll
c:\windows\system32\cdcgebkf.dll
c:\windows\system32\cpnbliif.dll
c:\windows\system32\dpbfhnfj.dll
c:\windows\system32\feeckhoj.dll
c:\windows\system32\gjdochbi.dll
c:\windows\system32\ipppkhkc.dll
c:\windows\system32\mppblchp.dll
c:\windows\system32\nfbdadcc.dll
c:\windows\system32\npptools.dll
c:\windows\system32\npptools.dll
c:\windows\system32\pahklhok.dll
c:\windows\system32\pfpjhepc.dll
c:\windows\system32\piakdpih.dll
c:\windows\Temp\Perflib_Perfdata_b4.dat
c:\program files\Fichiers communs\PushWare\cpush.dll
c:\windows\Intel\baiduc.dll
c:\program files\Internet Explorer\IETimber\IETimber.dll
c:\windows\system32\dllcache\spoolsv.exe
c:\progra~1\SECURI~1\174112\Program\SERVIC~1.EXE
c:\windows\system32\7f7lMNDh.exe
c:\windows\system32\exlds.ini
c:\docume~1\CKSAND~1\LOCALS~1\temp\sys2A.tmp
c:\windows\Fonts\TIMPIatform.exe
c:\windows\system32\waubfe.exe
c:\windows\system32\waubfe.exe
c:\windows\system32\hbfbmhof.dll
c:\windows\system32\drivers\jme.sys
E:\CC.PIF
c:\windows\WinShell..\daemon.exe
%Windir%\winsscoo.exe
c:\windows\smss.exe.vzr
c:\windows\system32\ormsgse.axz
c:\windows\winsscoo.exe.vzr
c:\windows\system32\1957817A.dll.vzr
c:\windows\system32\704C3595.dll.vzr
c:\windows\system32\4FBFD5A4.dll.vzr
c:\windows\system32\16BC0F81.dll.vzr
c:\windows\system32\16AF66EB.dll.vzr
c:\windows\system32\F65BDEC7.dll.vzr
c:\windows\system32\72B29486.cfg
c:\windows\system32\201476D0.dll
c:\windows\system32\72B29486.dll
c:\windows\system32\91C7DF6D.dll
c:\windows\system32\91C7DF6D.cfg
c:\windows\system32\wauefe.exe
c:\windows\system32\waudfe.exe
c:\windows\system32\72B29486.cfg
%Temp%\uu1.tmp
%DownloadedProgramFiles%\explorer.exe
%FontsDir%\note.exe
%FontsDir%\TIMPIatform.exe
%FontsDir%\wuauclt.exe
c:\windows\winsys.inf
c:\windows\system32\cklfknnl.dll
c:\windows\system32\eljmkpai.dll
c:\windows\system32\fdgdbfpe.dll
c:\windows\system32\hojolkkm.dll
c:\windows\system32\kfbbconb.dll
c:\windows\system32\kkhdmlij.dll
c:\windows\system32\komdjcho.dll
c:\windows\system32\lmkpocbn.dll
c:\windows\system32\mlidhbhc.dll
c:\windows\system32\nbfhfljg.dll
c:\windows\system32\obafafeo.dll
c:\windows\system32\ppblkjjp.dll

Dirlook::
c:\windows\$WIND$
c:\windows\WinShell

Fcopy::
c:\windows\system32\dllcache\ctfmon.exe | c:\windows\system32\ctfmon.exe


folder::
C:\DOCUME~1\CKSAND~1\MENUDM~1\PROGRA~1\XP_Antispyware
c:\program files\Fichiers communs\PushWare
c:\program files\cacmchc
c:\program files\uusee

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{296AB8C6-FB22-4D17-8834-064E2BA0A6F0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489873CE-F3E1-44A3-8E89-04BE26BE4446}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5419706F-9AD1-49BB-A91F-EE6B62E2881E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{912F6837-CCB6-424B-BC9C-8BB5541AFB54}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11F09AFD-75AD-4E51-AB43-E09E9351CE16}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34A12A06-48C0-420D-8F11-73552EE9631A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDE9EB54-A08E-4570-B748-13F5DDB5781C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0AD3AB16-6D0E-4F04-8660-FB1F36BC2DC0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2F685B36-C53A-4653-9231-1DAE5736DE45}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50C4CDD9-22D7-49FF-AC6D-7D4D528A3AB2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE2267BD-B163-407F-9E8D-6ADEC771E7AB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MewBohoMediaPop.PopBoho]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MezzAdPopup.BXLogc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MezzAdPopup.BXLogc.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NewAdPopup.ToolbarDetector.1]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINSSCOM]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSSCOM]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINSSCOM]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSSCOM]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NavvyUp"=-
"msexe.exe"=-
"zxexe.exe"=-
"kdexe.exe"=-
"Á³# L\"h'þ9Óœð3rÅWc:\\Program Files\\ISTsvc\\istsvc.exe"=-


[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"svchstt"=-
"360safe"=-

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{8D025D9E-A5AC-49DB-968D-1F2A3C030840}"=-
"{EB1952AD-75E8-4E4E-B626-2C415DA35709}"=-
"{186E0D94-F863-43EF-9B43-38DAC43C064B}"=-
"{C8C40DDC-9B46-4266-BA0B-5AF248442C3B}"=-
"{83D7757F-4582-4300-9F03-C3D1A544A9D0}"=-
"{A6B283F7-EAC4-4110-ACAA-A2D0B85466B7}"=-
"{16BC0F81-410C-41DF-A902-1B04368BA8AE}"=-
"{704C3595-DB85-40F6-A601-8D6F346907BD}"=-
"{72B29486-39B6-4241-B234-B57DEF78302F}"=-
"{56498CB7-D245-41A3-9DD9-7872D9D4836F}"=-
"{C45F4775-961F-451D-9490-42CC1F2C960B}"=-
"{7BF1F530-0717-4520-89D2-95FC5BA900F8}"=-
"{8BAFAFE8-D7A8-4F77-B9D6-B6CBFDC1B106}"=-
"{652D1B1C-11CB-450E-8675-5DD5296E279B}"=-
"{486D3C18-A727-47BC-BF24-53324841C5AE}"=-
"{441D6523-5F45-46C1-9B82-3768B03C7728}"=-
"{4FBBC87B-C53B-460A-BDC8-65E85BDEDA48}"=-
"{18385446-70ED-4AC2-B0C5-70BB0D26A3DF}"=-
"{FD0DBF9E-7000-438E-B9E5-0C8C4F0732D5}"=-
"{E53649A2-CB52-47DD-9C51-02B35F8F9DFE}"=-
"{99B54339-0B20-4C87-B238-379CB58ADFF9}"=-


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"8D025D9E"=-
"EB1952AD"=-
"186E0D94"=-
"C8C40DDC"=-
"83D7757F"=-
"A5D82254"=-
"1E2FEAD8"=-
"A6B283F7"=-
"4D4DFE57"=-
"88ADD287"=-
"7DAE50F5"=-
"CCBF2CF2"=-
"0A3D97EC"=-
"24DA96C6"=-
"DBF429BD"=-
"80C6FDAF"=-
"54474074"=-
"4FF880AC"=-
"A48541C4"=-
"88359C2B"=-
"CC22E88D"=-
"03D8C1B2"=-
"CDC0EB4F"=-
"D9BF17F3"=-
"CB7DB8E4"=-
"C97B522F"=-
"2999414C"=-
"FEEC4183"=-
"9F931E9C"=-
"9A145184"=-
"699B5C19"=-
"A8A562E8"=-
"92A4D921"=-
"7FBDADCC"=-
"1BFB618F"=-
"56498CB7"=-
"C45F4775"=-
"7BF1F530"=-
"8BAFAFE8"=-
"652D1B1C"=-
"486D3C18"=-
"441D6523"=-
"4FBBC87B"=-
"18385446"=-
"FD0DBF9E"=-
"E53649A2"=-
"99B54339"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\\windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-
"AppInit_DLLs"=""


[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safe.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360safebox.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTIARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArSwp.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ast.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRun.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AutoRunKiller.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.COM]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Frameworkservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFUpd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GuardField.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IceSword.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASARP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kav32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kavstart.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kissvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kmailmon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPfwSvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KRegEx.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonxp.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVWSC.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\kwatch.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Mmsk.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nod32kui.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\QQDoctor.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMon.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavMonD.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Ravservice.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavStub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RavTask.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Regedit.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwmain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwProxy.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rfwsrv.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rfwstub.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsAgent.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rsaupd.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RsMain.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\rsnetsvr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RSTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Runiep.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\safeboxTray.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ScanFrm.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SREngLdr.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanDetector.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Trojanwall.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojDie.KXP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPC32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VPTRAY.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WOPTILITIES.EXE]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c984ab7c-e6f0-11dd-8d9e-00142a50775a}] => Ligne non traitée



driver::
pnpmem
WinSSCOM
MyProt
ati4twxx
ati8quxx
ethcjxre
alsk
naks
BackWeb Client
lpdx
rnieys
MSPolicyAgent



Save this file under the name CFscript

Plug in your USB key (the E:\ drive)


Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFscript file, hold the mouse button down and drag so that the CFscript icon covers the ComboFix icon. Release the mouse button. ComboFix will start.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Re-enable your firewall, your antivirus and your antispyware's real-time protection

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report


If the file does not open, it can be found here > C:\ComboFix.txt

Warning: this procedure was written for this computer. Any reuse may severely damage the operating system.
1
Anonymous user
 
Good evening

Multi-infected

============================ ToolBar S&D ===========================

Download Toolbar-S&D to the Desktop.
Important! Disable the antivirus, the resident antispyware and Spybot's TeaTimer (if present and active)
• Launch the program's installation by running the downloaded file.

• On XP, double-click the Toolbar-S&D shortcut.
• On Vista, right-click the Toolbar-S&D shortcut and run as administrator

• Select the desired language by typing the corresponding letter
• Confirm with the Enter key.
• Choose option 1 (Search). The Start menu and the icons will disappear; this is normal
• Wait for the search to finish, which can take several minutes, without touching anything.
• Copy/paste the generated report. (C:\TB.txt)
• Wait for further instructions.
0
ROSALLY Posts 80 Status Member
 
Good evening again,
below is the summary after the check
I don't understand the two points below, so I didn't carry them out....
. Copy/paste the generated report. (C:\TB.txt)
• Wait for further instructions.
Best regards
Help



-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : CKS Andre SNEYAERT ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:176 Go (Free:142 Go)
D:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 20/02/2009|22:24 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\CKSAND~1\MENUDM~1\PROGRA~1\PlayMP3z
C:\DOCUME~1\CKSAND~1\Cookies\cks_andre_sneyaert@surfaccuracy[1].txt
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\tem1F.tmp.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\nsh21.tmp
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\nsk2A.tmp
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\nsz13B.tmp
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\nsz1EF.tmp

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(CKS Andre SNEYAERT) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://luck114.com"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="https://www.google.com/?gws_rd=ssl"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

--------------------\\ ROGUES ..

C:\DOCUME~1\CKSAND~1\MENUDM~1\PROGRA~1\XP_Antispyware

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\CKSAND~1\Cookies\cks_andre_sneyaert@captaincrackwhore[2].txt
C:\DOCUME~1\CKSAND~1\Cookies\cks_andre_sneyaert@likecrack[1].txt
C:\DOCUME~1\CKSAND~1\Cookies\cks_andre_sneyaert@www.captaincrackwhore[1].txt



1 - "C:\ToolBar SD\TB_1.txt" - 20/02/2009|22:26 - Option : [1]

-----------\\ Fin du rapport a 22:26:12,59
0
Anonymous user
 
I don't understand the two points below, so I didn't carry them out....
. Copy/paste the generated report. (C:\TB.txt)
• Wait for further instructions.


(C:\TB.txt) is just the name of the report and where to find it

• Wait for further instructions.
which booddha will give you

nothing more
good luck with the rest
0
Anonymous user
 
======================= ToolBar S&D CLEANING ======================
The cleaning removes the infection from the system.

• Check in Add/Remove Programs in the Control Panel whether the toolbar is present.
• If so, uninstall it; if not, continue with the procedure

• Relaunch ToolBar S&D.
• On XP, double-click the Toolbar-S&D shortcut.
• On Vista, right-click the Toolbar-S&D shortcut and run as administrator

• In the main menu, type 2 then confirm with Enter.
• The Start menu and the icons will disappear again.. this is normal.
• The cleaning will take a few minutes...
• Once the operation is finished, the cleaning report opens.
• Copy/paste the report to the forum

• Uninstall HijackThis, which is incorrectly installed. It must not be located in temporary files.
• Reinstall it, accepting the default installation settings.

• Post a new HijackThis report

• Wait for further instructions.

NOTE: If the Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Click the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer then confirm.
0
ROSALLY Posts 80 Status Member
 
Sorry, I had forgotten to attach the 2nd TB Toolbar S&D report


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : CKS Andre SNEYAERT ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:176 Go (Free:142 Go)
D:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 20/02/2009|22:59 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\CKSAND~1\MENUDM~1\PROGRA~1\PlayMP3z
Supprime! - C:\DOCUME~1\CKSAND~1\Cookies\cks_andre_sneyaert@surfaccuracy[1].txt
Supprime! - C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\tem1F.tmp.exe
Supprime! - C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\nsh21.tmp
Supprime! - C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\nsk2A.tmp
Supprime! - C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\nsz13B.tmp
Supprime! - C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\nsz1EF.tmp

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(CKS Andre SNEYAERT) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://luck114.com"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="https://www.google.com/?gws_rd=ssl"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At49.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At50.job
C:\WINDOWS\Tasks\At51.job
C:\WINDOWS\Tasks\At52.job
C:\WINDOWS\Tasks\At53.job
C:\WINDOWS\Tasks\At54.job
C:\WINDOWS\Tasks\At55.job
C:\WINDOWS\Tasks\At56.job
C:\WINDOWS\Tasks\At57.job
C:\WINDOWS\Tasks\At58.job
C:\WINDOWS\Tasks\At59.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At60.job
C:\WINDOWS\Tasks\At61.job
C:\WINDOWS\Tasks\At62.job
C:\WINDOWS\Tasks\At63.job
C:\WINDOWS\Tasks\At64.job
C:\WINDOWS\Tasks\At65.job
C:\WINDOWS\Tasks\At66.job
C:\WINDOWS\Tasks\At67.job
C:\WINDOWS\Tasks\At68.job
C:\WINDOWS\Tasks\At69.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At70.job
C:\WINDOWS\Tasks\At71.job
C:\WINDOWS\Tasks\At72.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

--------------------\\ ROGUES ..

C:\DOCUME~1\CKSAND~1\MENUDM~1\PROGRA~1\XP_Antispyware

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\CKSAND~1\Cookies\cks_andre_sneyaert@captaincrackwhore[2].txt
C:\DOCUME~1\CKSAND~1\Cookies\cks_andre_sneyaert@likecrack[1].txt
C:\DOCUME~1\CKSAND~1\Cookies\cks_andre_sneyaert@www.captaincrackwhore[1].txt



1 - "C:\ToolBar SD\TB_1.txt" - 20/02/2009|22:26 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 20/02/2009|23:00 - Option : [2]

-----------\\ Fin du rapport a 23:00:04,82
0
ROSALLY Posts 80 Status Member
 
Below is the HijackThis report



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:24:56, on 20/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system\rund1132.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\MediaChannel\Navvy 5.2\NavvyMan.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\sys29.tmp
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\Fichiers Internet temporaires\Content.IE5\BVPQNSZE\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luck114.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system\rund1132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rund1132.exe,
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [OaZeC] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Á³#  L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Yhyjczvn] C:\Program Files\Xkljec\Bsnub.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NavvyUp] C:\Program Files\MediaChannel\Navvy 5.2\NavvyUp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [cmdhlpadm] C:\WINDOWS\system32\vkvadezy.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: xrkfgusi - xrkfgusi32.dll (file missing)
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
0
Anonymous user
 
================== MalwareBytes =====================

Download MalwareBytes

The tutorial

Make sure that the Perform quick scan option is checked

Don't forget to remove everything that MalwareBytes finds. Use the Remove Selected button after selecting everything

Post the report and a new HijackThis report after having uninstalled and reinstalled it as already requested in message No. 4
0
ROSALLY Posts 80 Status Member
 
Below is the Malwarebytes report
thank you


Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1782
Windows 5.1.2600 Service Pack 3

21/02/2009 00:17:26
mbam-log-2009-02-21 (00-17-26).txt

Type de recherche: Examen rapide
Eléments examinés: 89252
Temps écoulé: 12 minute(s), 59 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 93
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 28

Processus mémoire infecté(s):
C:\WINDOWS\Fonts\wuauclt.exe (Spyware.OnlineGames) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\Fichiers communs\PushWare\cpush0.dll (Trojan.Clicker) -> Delete on reboot.
C:\Program Files\Internet Explorer\IETimber\IETimber.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\Intel\baiduc.dll (Adware.Cinmus) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\mewbogomediapop.popbogo (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{de2267bd-b163-407f-9e8d-6adec771e7ab} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0ad3ab16-6d0e-4f04-8660-fb1f36bc2dc0} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2f685b36-c53a-4653-9231-1dae5736de45} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{50c4cdd9-22d7-49ff-ac6d-7d4d528a3ab2} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11f09afd-75ad-4e51-ab43-e09e9351ce16} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{34a12a06-48c0-420d-8f11-73552ee9631a} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cde9eb54-a08e-4570-b748-13f5ddb5781c} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mewbogomediapop.popbogo.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mewbohomediapop.popboho (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mewbohomediapop.popboho.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mezsadpopup.bwlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mezsadpopup.bwlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mezzadpopup.bxlogc (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mezzadpopup.bxlogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadpopup.toolbardetector (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\newadpopup.toolbardetector.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar_bho.ietoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{065683c4-c71a-47f1-830b-7d9309d3913d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ff78efd-0213-4a73-ac23-6a489190dbfb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{489873ce-f3e1-44a3-8e89-04be26be4446} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{489873ce-f3e1-44a3-8e89-04be26be4446} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{489873ce-f3e1-44a3-8e89-04be26be4446} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar_bho.ietoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{385ab8c4-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{385ab8c5-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{296ab8c6-fb22-4d17-8834-064e2ba0a6f0} (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\contentmatch (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpidisk (Adware.Cinmus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\newpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\cpush (Adware.CPush) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MicroPlugins (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IDSCNP (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVmonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavService.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\acpidisk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\acpidisk (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\360safe (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\PushWare (Adware.CPush) -> Delete on reboot.

Fichier(s) infecté(s):
C:\WINDOWS\Fonts\wuauclt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\PushWare\cpush0.dll (Trojan.Clicker) -> Delete on reboot.
C:\Program Files\Internet Explorer\IETimber\IETimber.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\Intel\baiduc.dll (Adware.Cinmus) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\svchost.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys22D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys27B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys288.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys29.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys295.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys1E.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys1EA.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys1BC.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys24F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys1FB.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys200.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys2A2.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys25B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys26D.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\sys26F.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\E9B7FYJ1\1[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\sys249.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temporary Internet Files\Content.IE5\3J3A4KDM\1[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\UF096X0F\1[1].exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\PushWare\Uninst.exe (Adware.CPush) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mscpx32r.det (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mprmsgse.axz (Adware.Cinmus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\acpidisk.sys (Trojan.Agent) -> Quarantined and deleted successfully.
ROSALLY Posts: 80 Status: Member

HijackThis report
I hope I have been a good student, because computers and I are two different things
thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:26:40, on 21/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system\rund1132.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\rund1132.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
C:\WINDOWS\WinShell.\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MediaChannel\Navvy 5.2\NavvyMan.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\sys1E.tmp
C:\WINDOWS\Fonts\TIMPIatform.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\WINDOWS\system32\wauafe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp\orz.exe
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temporary Internet Files\Content.IE5\3J3A4KDM\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://luck114.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system\rund1132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\rund1132.exe,
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush0.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: IETimber - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\Internet Explorer\IETimber\IETimber.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Rankey Toolbar(&N) - {C4672F26-5862-40FE-94B8-7B35285DAF82} - C:\Program Files\MediaChannel\Navvy 5.2\NavvyTB.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\FenUnika.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [OaZeC] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Á³#  L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\hxyjlul.exe
O4 - HKLM\..\Run: [Yhyjczvn] C:\Program Files\Xkljec\Bsnub.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NavvyUp] C:\Program Files\MediaChannel\Navvy 5.2\NavvyUp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [Livecom] "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [cmdhlpadm] C:\WINDOWS\system32\vkvadezy.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\common32.exe
O4 - HKLM\..\Policies\Explorer\Run: [user] C:\WINDOWS\WinShell..\daemon.exe
O4 - HKLM\..\Policies\Explorer\Run: [360safe] C:\WINDOWS\Fonts\wuauclt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: xrkfgusi - xrkfgusi32.dll (file missing)
O23 - Service: Securitoo AntiVirus (BackWeb Client - 174112) - Unknown owner - C:\PROGRA~1\SECURI~1\174112\Program\SERVIC~1.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
ROSALLY Posts: 80 Status: Member

I think it is time to go to bed
I wish you a very good night
and see you tomorrow for the rest
thanks again a thousand times
Anonymous user

OK

We have made good progress.

Don't forget to cleanly reinstall HijackThis as requested in message No. 4 before sending a new report.

I will be away until 11 or 12 o'clock tomorrow morning.

Good night
ROSALLY Posts: 80 Status: Member

hello booddha

for HijackThis, I had uninstalled and reinstalled it as you told me, and I posted the report
I don't know whether you saw it or not
should I do the operation again?

Note: when launching Internet Explorer this morning I had the same problem as before, i.e. the same home page
Chinese site....

rosally
ROSALLY Posts: 80 Status: Member

below is the SmitfraudFix report
it wasn't easy for me, but I finally managed

for HijackThis: I let the system do it, I no longer intervene, I let it run automatically
I'll start again and post the report to you


ROSALLY, Member, 80 posts

It should be in a folder Program Files > Trend Micro > Hijackthis.

Following your instructions I reinstalled HijackThis, following the plan above,
but now I can't launch it; I get a message that says:

Windows cannot find 'c:\Program Files\Trend Micro\Hijackthis\Hijackthis.exe'. Check that you entered the name correctly and try again. To search for a file, click the Start button, then Search.

Anonymous user

No, I don't see a SmitfraudFix report. Or else it is incomplete.

The best thing is to run it again and post it; the site is screwing up quite a bit today.

ROSALLY, Member, 80 posts

Hello again,

SmitfraudFix report => message 14

HijackThis report => message 19
Thank you.

ROSALLY, Member, 80 posts

Hello Booddha,

SOS
I still haven't solved my problem.
If you can continue with me, that would be kind of you.
Thanks in advance.

ROSALLY, Member, 80 posts

Good evening Booddha,

I see that you posted a message to me at 22:02, but it isn't displayed.
A problem with the site, or what?

crapoulou, Moderator, Security contributor, 42848 posts

Hi Rosally,
To move forward:
Your SmitfraudFix report is not complete.
Repost it.
It should be located here:
C:\rapport.txt

ROSALLY, Member, 80 posts

Hello crapoulou,

I reran SmitfraudFix but I don't see the report.
I can't find the report.

What is c:\rapport.txt?
Usually it's on the same page!!!!!!!!

ROSALLY, Member, 80 posts

It's fine, I found it.
Here is the report:

SmitFraudFix v2.398

Rapport fait à 18:43:13,50, 23/02/2009
Executé à partir de C:\Documents and Settings\CKS Andre SNEYAERT\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job PRESENT !
C:\WINDOWS\Tasks\At??.job PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CKS Andre SNEYAERT


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CKSAND~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CKS Andre SNEYAERT\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CKSAND~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

ROSALLY, Member, 80 posts

In addition, below is the Malwarebytes report.
Thanks in advance.


Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1782
Windows 5.1.2600 Service Pack 3

23/02/2009 20:13:39
mbam-log-2009-02-23 (20-13-39).txt

Type de recherche: Examen rapide
Eléments examinés: 96517
Temps écoulé: 19 minute(s), 46 second(s)

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 97
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 78

Processus mémoire infecté(s):
C:\WINDOWS\Fonts\wuauclt.exe (Spyware.OnlineGames) -> Unloaded process successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\131144 (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temp\2438112 (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\smss.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\anymie360.dll (Trojan.OnLineGames) -> Delete on reboot.
C:\Program Files\Fichiers communs\PushWare\cpush0.dll (Trojan.Clicker) -> Delete on reboot.
C:\Program Files\Internet Explorer\IETimber\IETimber.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\201476D0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\DA63E650.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\Intel\baiduc.dll (Adware.Cinmus) -> Delete on reboot.
C:\WINDOWS\system32\pjjkimko.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\360safe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{201476d0-2b18-462e-ab9f-3e2b0cc8732b} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{da63e650-537c-4042-87bb-9d19d844680b} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Alcmtr (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{93342648-85e4-41e3-ac47-dd091315da57} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\93342648 (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Fichiers communs\PushWare (Adware.CPush) -> Delete on reboot.

Fichier(s) infecté(s):
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temporary Internet Files\Content.IE5\HHBIBUD1\new19[1].exe (Trojan.OnLineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temporary Internet Files\Content.IE5\HHBIBUD1\new19[2].exe (Trojan.OnLineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\CKS Andre SNEYAERT\Local Settings\Temporary Internet Files\Content.IE5\HHBIBUD1\gr[2].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\PushWare\Uninst.exe (Adware.CPush) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mscpx32r.det (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\smss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mprmsgse.axz (Adware.Cinmus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pjjkimko.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\drivers\acpidisk.sys (Trojan.Agent) -> Quarantined and deleted successfully.