Virus trojan (rapport Kapersky)

fab21200 Messages postés 278 Statut Membre -  
 Utilisateur anonyme -
Bonjour, voila je vien de faire une analyse avec Kapersky 2009 (version evaluation) suite au rapport j'ai ceval de troie, trojan, comment puis je reparé ca ? et est ce possible avec seulement la version d'evaluation. bien sur par la suite j'acheterais la version complete mais j'attend de voir si ca marche bien, merci de votre aide
Configuration: Windows XP
Internet Explorer 6.0

55 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un utilisateur signale qu'une analyse avec Kaspersky 2009 (version d'évaluation) détecte un cheval de Troie et demande comment réparer la menace avec une version d'essai. Plusieurs réponses évoquent des mises à jour critiques comme XP SP3, Java et Adobe Reader, afin de combler des failles et de faciliter le nettoyage, même avec une version limitée. D'autres proposent des outils de dépistage et de nettoyage comme OTMoveIt3 et Ad-Remover, parfois complétés par Navilog ou HijackThis, pour obtenir des rapports et guider les actions de suppression. En dernier point, la conversation souligne la nécessité de relancer des analyses après chaque étape et de vérifier les rapports afin d'éviter de laisser une infection ou une porte d'entrée non traitée.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    Relance un dernier rapport hijackthis stp (comme au post 1 )
    on arrive au bout
    1
  2. Utilisateur anonyme
     
    Et a regarder ton dernier rapport tu n'as pas fais les mises a jours que je t'ai demandé, c'est une faille de securité !!!

    MAJ XP3: https://www.commentcamarche.net/telecharger/systemes-d-exploitation/20759-sp3-windows-xp/

    MAJ JAVA : https://www.commentcamarche.net/telecharger/developpement/12917-java-runtime-environment/

    MAJ IE8 : http://www.commentcamarche.net/actualites/internet-explorer-8-disponible-des-aujourd-hui-5848528-actualite.php3

    MAJ ADOBE : https://www.commentcamarche.net/telecharger/bureautique/2625-adobe-reader/
    1
  3. Utilisateur anonyme
     
    slt
    avant de penser aux virus commence par mettre internet explorer a jour !
    (c'est une faille de securité)

    sinon

    Pour analyser ton pc, télécharges le fichier d'installation
    HIJACKTHIS

    Enregistre HJTInstall.exe sur ton bureau.

    Double-clique sur HJTInstall.exe pour lancer le programme

    Par défaut, il s'installera là :
    C:\Program Files\Trend Micro\HijackThis

    Accepte la licence en cliquant sur le bouton "I Accept"

    Choisis l'option "Do a system scan and save a log file"

    Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

    Clique sur "Edition -> Sélectionner tout" (ou fais ctrl A), puis sur "Edition -> Copier" pour copier tout le contenu du rapport et poste le dans ton prochain message

    A LIRE : Tutoriaux

    (ne fixe rien pour le moment !! cela pourrait empêcher ton PC de fonctionner correctement)

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
    0
  4. fab21200 Messages postés 278 Statut Membre 10
     
    Merci, voici le rapport

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:15:53, on 26/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
    O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
    O1 - Hosts: 82.98.235.133 speed-runner.com
    O1 - Hosts: 82.98.235.133 url.adtrgt.com
    O1 - Hosts: 82.98.235.133 us.mcafee.com
    O1 - Hosts: 82.98.235.133 www.my-etrust.com
    O1 - Hosts: 82.98.235.133 www.symantec.com
    O1 - Hosts: 82.98.235.133 www.winmx.com
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKLM\..\Run: [ac67ce11] rundll32.exe "C:\WINDOWS\system32\winnbhna.dll",b
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f8f1310837334c7d8099522422c1eda0
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f8f1310837334c7d8099522422c1eda0
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll mvlafr.dll
    O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe (file missing)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    il ya plusieurs infections !

    commence par ca :

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
  7. fab21200 Messages postés 278 Statut Membre 10
     
    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
    BIOS : Award Modular BIOS v6.00PG
    USER : Fabrice ( Administrator )
    BOOT : Normal boot
    Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
    Firewall : Norton Internet Security 2007 (Activated)
    C:\ (Local Disk) - NTFS - Total:186 Go (Free:38 Go)
    D:\ (USB)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 26/03/2009|16:46 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\AskTBar
    C:\Program Files\AskTBar\bar
    C:\Program Files\AskTBar\PopSwatr
    C:\Program Files\AskTBar\SrchAstt
    C:\Program Files\AskTBar\bar\1.bin
    C:\Program Files\AskTBar\bar\Cache
    C:\Program Files\AskTBar\bar\History
    C:\Program Files\AskTBar\bar\Settings
    C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL
    C:\Program Files\AskTBar\bar\Cache\0160C498
    C:\Program Files\AskTBar\bar\Cache\0160C89F
    C:\Program Files\AskTBar\bar\Cache\0160CA74.bin
    C:\Program Files\AskTBar\bar\Cache\0160CC0A.bin
    C:\Program Files\AskTBar\bar\Cache\0160CDB0.bin
    C:\Program Files\AskTBar\bar\Cache\files.ini
    C:\Program Files\AskTBar\bar\History\search2
    C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
    C:\Program Files\AskTBar\PopSwatr\History
    C:\Program Files\AskTBar\PopSwatr\History\allowed
    C:\Program Files\AskTBar\PopSwatr\History\notallow
    C:\Program Files\AskTBar\SrchAstt\1.bin
    C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    C:\Program Files\Crawler
    C:\Program Files\Crawler\Download
    C:\Program Files\Crawler\Toolbar
    C:\Program Files\Crawler\Toolbar\adrkeys.dat
    C:\Program Files\Crawler\Toolbar\Cache
    C:\Program Files\Crawler\Toolbar\Cache(2)
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)
    C:\Program Files\Crawler\Toolbar\confirm.dat
    C:\Program Files\Crawler\Toolbar\ctbcomm.dll
    C:\Program Files\Crawler\Toolbar\ctbr.dll
    C:\Program Files\Crawler\Toolbar\CTConf.dat
    C:\Program Files\Crawler\Toolbar\CTipsDef.dll
    C:\Program Files\Crawler\Toolbar\CToolbar.exe
    C:\Program Files\Crawler\Toolbar\CUpdate.exe
    C:\Program Files\Crawler\Toolbar\Languages
    C:\Program Files\Crawler\Toolbar\lookfor.dat
    C:\Program Files\Crawler\Toolbar\majorse.dat
    C:\Program Files\Crawler\Toolbar\rootmenu.dat
    C:\Program Files\Crawler\Toolbar\services.dat
    C:\Program Files\Crawler\Toolbar\STWSGLanguageAct
    C:\Program Files\Crawler\Toolbar\svc_set.dat
    C:\Program Files\Crawler\Toolbar\TBR5LanguageAct
    C:\Program Files\Crawler\Toolbar\TempDir
    C:\Program Files\Crawler\Toolbar\Update
    C:\Program Files\Crawler\Toolbar\WebSecurityGuard.dll
    C:\Program Files\Crawler\Toolbar\WSGData
    C:\Program Files\Crawler\Toolbar\Cache\COMMON
    C:\Program Files\Crawler\Toolbar\Cache\STWSG
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_BMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_MENU.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\DIRLIST_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\DIRLIST_MENU.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\ECARDS_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\ECARDS_MENU.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\EMAIL_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\GAMES_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\GAMES_MENU.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\SHOP_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\SPELL_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\TRAVEL_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\WAYBACK_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\WP_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\COMMON\YP_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_BMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_MENU.dat
    C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)
    C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)\DIRLIST_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)\DIRLIST_MENU.dat
    C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)\SHOP_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)\TRAVEL_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)\WAYBACK_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)\WP_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)\YP_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\STWSG(2)
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\CLEANUP_BMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\CLEANUP_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\CLEANUP_MENU.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\DIRLIST_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\DIRLIST_MENU.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\ECARDS_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\ECARDS_MENU.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\EMAIL_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\GAMES_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\GAMES_MENU.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\SHOP_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\SPELL_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\TRAVEL_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\WAYBACK_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\WP_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\COMMON(2)\YP_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\STWSG(2)\WSGBUTTON_BMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\STWSG(2)\WSGBUTTON_CHBMP.dat
    C:\Program Files\Crawler\Toolbar\Cache(3)(2)\STWSG(2)\WSGBUTTON_MENU.dat
    C:\Program Files\Crawler\Toolbar\Languages\STWSG_CS.cab
    C:\Program Files\Crawler\Toolbar\Languages\STWSG_DE.cab
    C:\Program Files\Crawler\Toolbar\Languages\STWSG_EN.cab
    C:\Program Files\Crawler\Toolbar\Languages\STWSG_ES.cab
    C:\Program Files\Crawler\Toolbar\Languages\STWSG_IT.cab
    C:\Program Files\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
    C:\Program Files\Crawler\Toolbar\Languages\STWSG_PT.cab
    C:\Program Files\Crawler\Toolbar\Languages\TBR5_CS.cab
    C:\Program Files\Crawler\Toolbar\Languages\TBR5_DE.cab
    C:\Program Files\Crawler\Toolbar\Languages\TBR5_EN.cab
    C:\Program Files\Crawler\Toolbar\Languages\TBR5_ES.cab
    C:\Program Files\Crawler\Toolbar\Languages\TBR5_IT.cab
    C:\Program Files\Crawler\Toolbar\Languages\TBR5_IT.cab.old
    C:\Program Files\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
    C:\Program Files\Crawler\Toolbar\Languages\TBR5_PT.cab
    C:\Program Files\Crawler\Toolbar\Languages\TBR5_PT.cab.old
    C:\Program Files\Crawler\Toolbar\STWSGLanguageAct\info.ini
    C:\Program Files\Crawler\Toolbar\STWSGLanguageAct\language.ini
    C:\Program Files\Crawler\Toolbar\TBR5LanguageAct\info.ini
    C:\Program Files\Crawler\Toolbar\TBR5LanguageAct\language.ini
    C:\Program Files\Crawler\Toolbar\Update\domains.cab
    C:\Program Files\Crawler\Toolbar\WSGData\domains
    C:\Program Files\Crawler\Toolbar\WSGData\userData_S-1-5-21-1935655697-796845957-725345543-1005.dat
    C:\Program Files\Crawler\Toolbar\WSGData\wfilter.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_000.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_001.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_002.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_003.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_004.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_005.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_006.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_007.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_008.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_009.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_010.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_011.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_012.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_013.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_014.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_015.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_016.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_017.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_018.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_019.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_020.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_021.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_022.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_023.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_024.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_025.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_026.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_027.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_028.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_029.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_030.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_030_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_031.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_031_diff.dat
    C:\Program Files\Crawler\Toolbar\WSGData\domains\index.dat
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar
    C:\WINDOWS\System32\winnbhna.dll

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Search Bar"="https://www.orange.fr/portail"
    "Start Page"="https://www.orange.fr/portail"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
    "SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60327"
    "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327"

    --------------------\\ Recherche d'autres infections

    C:\Program Files\MessengerSkinner
    C:\Program Files\MessengerSkinner\Conditions g‚n‚rales.url
    C:\Program Files\MessengerSkinner\Confidentialit‚.url
    C:\Program Files\MessengerSkinner\download
    C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll
    C:\Program Files\MessengerSkinner\resources
    C:\Program Files\MessengerSkinner\updates
    C:\Program Files\MessengerSkinner\Website.url
    C:\DOCUME~1\Fabrice\APPLIC~1\MessengerSkinner
    C:\DOCUME~1\Fabrice\APPLIC~1\MessengerSkinner\Userdata
    C:\DOCUME~1\Fabrice\LOCALS~1\Temp\Pack.epk
    C:\WINDOWS\System32\nvs2.inf

    C:\DOCUME~1\Fabrice\LOCALS~1\APPLIC~1\hwecouuwdo.dat
    C:\DOCUME~1\Fabrice\LOCALS~1\APPLIC~1\hwecouuwdo_nav.dat
    C:\DOCUME~1\Fabrice\LOCALS~1\APPLIC~1\hwecouuwdo_navps.dat
    [b]==> EGDACCESS <==/b

    C:\WINDOWS\system32\ssCffMoq.ini
    C:\WINDOWS\system32\ssCffMoq.ini2
    C:\WINDOWS\system32\xxGPVvut.ini
    C:\WINDOWS\system32\xxGPVvut.ini2
    C:\WINDOWS\system32\qoMffCss.dll.vir
    C:\WINDOWS\system32\tuvVPGxx.dll
    [b]==> VUNDO <==/b

    1 - "C:\ToolBar SD\TB_1.txt" - 26/03/2009|16:49 - Option : [1]

    -----------\\ Fin du rapport a 16:49:56,39
    0
  8. Utilisateur anonyme
     
    Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".

    ! Ne ferme pas la fenêtre lors de la suppression !

    Un rapport sera généré, poste son contenu ici.

    NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
    Tape explorer puis valide.

    et remets un nouveau rapport hijackthis stp :)
     
    0
  9. fab21200 Messages postés 278 Statut Membre 10
     
    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
    BIOS : Award Modular BIOS v6.00PG
    USER : Fabrice ( Administrator )
    BOOT : Normal boot
    Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
    Firewall : Norton Internet Security 2007 (Activated)
    C:\ (Local Disk) - NTFS - Total:186 Go (Free:39 Go)
    D:\ (USB)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 26/03/2009|17:15 )

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\AskTBar\bar
    Supprime! - C:\Program Files\AskTBar\PopSwatr
    Supprime! - C:\Program Files\AskTBar\SrchAstt
    Supprime! - C:\Program Files\Crawler\Download
    Echec ! - C:\Program Files\Crawler\Toolbar
    Echec ! - C:\Program Files\Crawler\Toolbar\Cache(2)
    Echec ! - C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)
    Echec ! - C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)\WAYBACK_CHBMP.dat
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Crawler Toolbar
    Echec ! - C:\WINDOWS\System32\winnbhna.dll
    Supprime! - C:\Program Files\AskTBar
    Echec ! - C:\Program Files\Crawler

    -----------\\ DEUXIEME PASSAGE

    Echec ! - C:\Program Files\Crawler\Toolbar
    Echec ! - C:\Program Files\Crawler\Toolbar\Cache(2)
    Echec ! - C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)
    Echec ! - C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)\WAYBACK_CHBMP.dat
    Echec ! - C:\WINDOWS\System32\winnbhna.dll
    Echec ! - C:\Program Files\Crawler

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\Crawler
    C:\Program Files\Crawler\Toolbar
    C:\Program Files\Crawler\Toolbar\Cache(2)
    C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)
    C:\Program Files\Crawler\Toolbar\Cache(2)\COMMON(2)\WAYBACK_CHBMP.dat
    C:\WINDOWS\System32\winnbhna.dll

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Search Bar"="https://www.orange.fr/portail"
    "Start Page"="https://www.orange.fr/portail"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="https://www.msn.com/fr-fr/"
    "SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60327"
    "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327"

    --------------------\\ Recherche d'autres infections

    C:\Program Files\MessengerSkinner
    C:\Program Files\MessengerSkinner\Conditions g‚n‚rales.url
    C:\Program Files\MessengerSkinner\Confidentialit‚.url
    C:\Program Files\MessengerSkinner\download
    C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll
    C:\Program Files\MessengerSkinner\resources
    C:\Program Files\MessengerSkinner\updates
    C:\Program Files\MessengerSkinner\Website.url
    C:\DOCUME~1\Fabrice\APPLIC~1\MessengerSkinner
    C:\DOCUME~1\Fabrice\APPLIC~1\MessengerSkinner\Userdata
    C:\DOCUME~1\Fabrice\LOCALS~1\Temp\Pack.epk
    C:\WINDOWS\System32\nvs2.inf

    C:\DOCUME~1\Fabrice\LOCALS~1\APPLIC~1\hwecouuwdo.dat
    C:\DOCUME~1\Fabrice\LOCALS~1\APPLIC~1\hwecouuwdo_nav.dat
    C:\DOCUME~1\Fabrice\LOCALS~1\APPLIC~1\hwecouuwdo_navps.dat
    [b]==> EGDACCESS <==/b

    C:\WINDOWS\system32\ssCffMoq.ini
    C:\WINDOWS\system32\ssCffMoq.ini2
    C:\WINDOWS\system32\xxGPVvut.ini
    C:\WINDOWS\system32\xxGPVvut.ini2
    C:\WINDOWS\system32\qoMffCss.dll.vir
    C:\WINDOWS\system32\tuvVPGxx.dll
    [b]==> VUNDO <==/b

    1 - "C:\ToolBar SD\TB_1.txt" - 26/03/2009|16:49 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 26/03/2009|17:20 - Option : [2]

    -----------\\ Fin du rapport a 17:20:37,00
    0
  10. Utilisateur anonyme
     
    y'a encore du boulot ;)

    Télécharge maintenant Navilog1 (de IL-MAFIOSO) depuis-ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Enregistrer la cible (du lien) sous... et enregistre-le sur ton Bureau.
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, lance Navilog depuis le raccourci présent sur le Bureau

    Au menu principal, Fais le choix 1
    Laisse toi guider et patiente.
    Patiente jusqu'au message : "Analyse Termine le..."
    Appuie sur une touche, le bloc note va s'ouvrir.
    Copie-colle l'intégralité du rapport ici.
    0
  11. fab21200 Messages postés 278 Statut Membre 10
     
    Search Navipromo version 3.7.6 commencé le 26/03/2009 à 17:36:29,12

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
    BIOS : Award Modular BIOS v6.00PG
    USER : Fabrice ( Administrator )
    BOOT : Normal boot

    Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
    Firewall : Norton Internet Security 2007 (Activated)

    C:\ (Local Disk) - NTFS - Total:186 Go (Free:39 Go)
    D:\ (USB)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (CD or DVD)

    Recherche executé en mode normal

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    ...\MessengerSkinner trouvé !

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Fabrice\applic~1" ***

    ...\MessengerSkinner trouvé !

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Fabrice\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Fabrice\menudm~1\progra~1" ***

    ...\MessengerSkinner trouvé !

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\Fabrice\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    *** Recherche fichiers ***

    C:\Documents and Settings\Fabrice\locals~1\Temp\pack.epk trouvé !
    C:\WINDOWS\system32\nvs2.inf trouvé !

    *** Recherche clés spécifiques dans le Registre ***
    !! Les clés trouvées ne sont pas forcément infectées !!

    HKEY_CURRENT_USER\Software\Lanconfig

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\Fabrice\locals~1\applic~1" :

    hwecouuwdo.dat trouvé !
    hwecouuwdo_nav.dat trouvé !
    hwecouuwdo_navps.dat trouvé !

    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup trouvé !
    Certificat Electronic-Group trouvé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit trouvé !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche autres dossiers et fichiers connus :

    C:\WINDOWS\system32\ssCffMoq.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\xxGPVvut.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !

    *** Analyse terminée le 26/03/2009 à 17:46:43,34 ***
    0
  12. Utilisateur anonyme
     
    tres bien,

    relance navilog mais cette fois choisis l'option 2 (nettoyage) et postes le rapport stp

    si l'outil te demande de redemarrer , fais le :)

    0
  13. fab21200 Messages postés 278 Statut Membre 10
     
    voici rapport apres redemarrage

    Clean Navipromo version 3.7.6 commencé le 26/03/2009 à 18:04:10,46

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
    BIOS : Award Modular BIOS v6.00PG
    USER : Fabrice ( Administrator )
    BOOT : Normal boot

    Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Not Activated)
    Firewall : Norton Internet Security 2007 (Activated)

    C:\ (Local Disk) - NTFS - Total:186 Go (Free:39 Go)
    D:\ (USB)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (CD or DVD)

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS

    Nettoyage exécuté au redémarrage de l'ordinateur

    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *

    * Suppression dans "C:\Documents and Settings\Fabrice\locals~1\applic~1" *

    * Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    *** Suppression dossiers dans "C:\WINDOWS" ***

    *** Suppression dossiers dans "C:\Program Files" ***

    ...\MessengerSkinner ...suppression...
    ...\MessengerSkinner supprimé !

    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Fabrice\applic~1" ***

    ...\MessengerSkinner ...suppression...
    ...\MessengerSkinner supprimé !

    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Fabrice\locals~1\applic~1" ***

    *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Fabrice\menudm~1\progra~1" ***

    ...\MessengerSkinner ...suppression...
    ...\MessengerSkinner supprimé !

    *** Suppression fichiers ***

    C:\Documents and Settings\Fabrice\locals~1\Temp\pack.epk supprimé !
    C:\WINDOWS\system32\nvs2.inf supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Fabrice\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :

    * Dans "C:\WINDOWS\system32" *

    * Dans "C:\Documents and Settings\Fabrice\locals~1\applic~1" *

    hwecouuwdo.dat trouvé !
    Copie hwecouuwdo.dat réalisée avec succès !
    hwecouuwdo.dat supprimé !

    hwecouuwdo_nav.dat trouvé !
    Copie hwecouuwdo_nav.dat réalisée avec succès !
    hwecouuwdo_nav.dat supprimé !

    hwecouuwdo_navps.dat trouvé !
    Copie hwecouuwdo_navps.dat réalisée avec succès !
    hwecouuwdo_navps.dat supprimé !

    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    *** Certificats ***

    Certificat Egroup supprimé !
    Certificat Electronic-Group supprimé !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit supprimé !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Recherche autres dossiers et fichiers connus ***

    C:\WINDOWS\system32\ssCffMoq.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !
    C:\WINDOWS\system32\xxGPVvut.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !

    *** Nettoyage terminé le 26/03/2009 à 18:16:40,67 ***
    0
  14. Utilisateur anonyme
     
    tres bien , ca fait du menage :)

    maintenant pour voir s'il ne reste "que" vundo

    relance un rapport hijackthis stp (comme au post1)
    0
  15. fab21200 Messages postés 278 Statut Membre 10
     
    si j'ai bien compris, voila

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:33:52, on 26/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
    O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
    O1 - Hosts: 82.98.235.133 speed-runner.com
    O1 - Hosts: 82.98.235.133 url.adtrgt.com
    O1 - Hosts: 82.98.235.133 us.mcafee.com
    O1 - Hosts: 82.98.235.133 www.my-etrust.com
    O1 - Hosts: 82.98.235.133 www.symantec.com
    O1 - Hosts: 82.98.235.133 www.winmx.com
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKLM\..\Run: [ac67ce11] rundll32.exe "C:\WINDOWS\system32\winnbhna.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f8f1310837334c7d8099522422c1eda0
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f8f1310837334c7d8099522422c1eda0
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: ,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll mvlafr.dll
    O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe (file missing)
    0
  16. Utilisateur anonyme
     
    merci, le temps que je regarde ton rapport, j'ai oublié une petite manip a faire suite a navilog :

    Cliquez sur menu Démarrer puis Panneau de configuration
    Double-clicque sur Options Internet
    Cliquez sur l'onglet Contenu puis sur Certificats, dans la colonne Editeurs approuvés, supprimes si présent :

    electronic-group
    egroup
    Montorgueil
    VIP
    "Sunny Day Design Ltd"
    OOO-Favorit


    je regarde ton rapport et j te donne la suite ;)

    0
  17. fab21200 Messages postés 278 Statut Membre 10
     
    j'ai fait la manip ci dessus et rien a supprimé !
    0
  18. Utilisateur anonyme
     
    bon maintenant

    Imprime ces instructions ou sauvegarde les sur ton Bureau car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    Télécharge Malwarebytes’ Anti-Malware

    - Sur la page cliques sur Télécharger Malwarebyte’s Anti-Malware
    - Enregistres le sur le bureau
    - Double cliques sur le fichier téléchargé pour lancer le processus d’installation
    - Lorsqu’il te le sera demandé, met à jour Malwarebytes anti malware
    - Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
    - Une fois la mise à jour terminée, ferme Malwarebytes
    - Double-cliques sur l’icône de malwarebytes pour le relancer
    - Dans l’onglet, Recherche, probablement ouvert par défaut,
    - Sélectionne Exécuter un examen complet
    - Clique sur Rechercher
    - Le scan démarre (il peut durer un bon moment)
    - A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
    - Cliques sur Ok pour poursuivre.
    - Si des malwares ont été détectés, cliques sur Afficher les résultats
    - Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    - Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse.
    - Rends toi dans l’onglet rapport/log
    - Tu cliques dessus pour l’afficher une fois affiché
    - Tu cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
    - Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
    - Tu cliques droit dans le cadre de la réponse et coller

    Si tu as besoin d’aide regarde ce tutorial

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    0
  19. fab21200 Messages postés 278 Statut Membre 10
     
    ca a été long

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1902
    Windows 5.1.2600 Service Pack 2

    26/03/2009 19:36:51
    mbam-log-2009-03-26 (19-36-51).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 133912
    Temps écoulé: 39 minute(s), 25 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 4
    Clé(s) du Registre infectée(s): 20
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 167

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\tuvVPGxx.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\winnbhna.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\mvlafr.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\nnnKEVMe.dll (Trojan.Vundo.H) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20fb64fd-3346-4267-b81f-238194f513db} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{20fb64fd-3346-4267-b81f-238194f513db} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnkevme (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe2a0cca-eb10-4587-b7b1-9369948c6f14} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{fe2a0cca-eb10-4587-b7b1-9369948c6f14} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{20fb64fd-3346-4267-b81f-238194f513db} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fe2a0cca-eb10-4587-b7b1-9369948c6f14} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ac67ce11 (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvvpgxx -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvvpgxx -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\twain32 (Backdoor.Bot) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\mvlafr.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\nnnKEVMe.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\tuvVPGxx.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\xxGPVvut.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\xxGPVvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winnbhna.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\anhbnniw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Fabrice\Local Settings\Temp\tzk7okhk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP333\A0284409.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP333\A0295017.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP333\A0296016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP333\A0296019.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP333\A0297016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP333\A0297019.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP333\A0298030.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP333\A0299034.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP333\A0299037.sys (Rootkit.SpamTool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP333\A0299040.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP333\A0299033.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314437.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314431.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314435.sys (Rootkit.SpamTool) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314436.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314482.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314484.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314486.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314493.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314494.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314495.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314505.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314506.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314507.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314508.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314518.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314519.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314598.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314600.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314602.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314603.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314607.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314608.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314610.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314625.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314626.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314627.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314628.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314630.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314631.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314633.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314635.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314636.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314637.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314639.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314640.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314641.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314646.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314647.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314649.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314651.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314652.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314654.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314656.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314657.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314658.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314659.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314661.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314663.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314664.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314668.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314669.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314670.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314674.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314675.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314679.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314734.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314735.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314742.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314746.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314749.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314762.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314766.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314770.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314772.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314773.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314775.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314776.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314784.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314785.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314787.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314788.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314795.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314800.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314803.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314642.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314678.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314804.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314822.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314806.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314807.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314809.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314815.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314818.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314819.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314821.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314825.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314834.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314867.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP334\A0314868.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP336\A0315422.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP336\A0315556.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP336\A0315588.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315634.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315654.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315655.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315656.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315657.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315658.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315659.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315667.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315669.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315670.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315674.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315675.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315676.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315690.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315691.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315692.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315612.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP337\A0315668.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP338\A0316598.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP338\A0316599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP338\A0316994.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0317996.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318017.exe (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318035.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318036.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318037.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318038.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318039.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318040.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318049.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318050.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318051.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318055.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318056.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318057.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318072.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318073.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0318048.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0319068.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0319070.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP340\A0319074.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{6F641B3C-BF3C-412D-BB26-625136DEA250}\RP348\A0327394.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\ToolBar SD\Backup-TB\WINDOWS\system32\winnbhna.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pokitiwi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ztwfeo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ntmbxgyb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jiavpppi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bolijida.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\rzibehr.ex_ (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\twain32\user.ds.lll (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qoMffCss.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    0
  20. Utilisateur anonyme
     
    - Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

    - Double-clique sur RSIT.exe afin de lancer le programme.

    - Clique sur Continue à l'écran Disclaimer.

    - Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    - Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
    0
  21. fab21200 Messages postés 278 Statut Membre 10
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Fabrice at 2009-03-26 20:09:37
    Microsoft Windows XP Édition familiale Service Pack 2
    System drive C: has 66 GB (35%) free of 191 GB
    Total RAM: 479 MB (44% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:09:40, on 26/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Fabrice\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Fabrice.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
    O1 - Hosts: 82.98.235.133 securityresponse.symantec.com
    O1 - Hosts: 82.98.235.133 speed-runner.com
    O1 - Hosts: 82.98.235.133 url.adtrgt.com
    O1 - Hosts: 82.98.235.133 us.mcafee.com
    O1 - Hosts: 82.98.235.133 www.my-etrust.com
    O1 - Hosts: 82.98.235.133 www.symantec.com
    O1 - Hosts: 82.98.235.133 www.winmx.com
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {92D09BA6-E4BE-4E7F-9D80-5CE01AC9EDFC} - C:\WINDOWS\system32\qoMffCss.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?f8f1310837334c7d8099522422c1eda0
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?f8f1310837334c7d8099522422c1eda0
    O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll mvlafr.dll
    O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
    O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe (file missing)
    0
  • 1
  • 2
  • 3