SOS virus Packed.Win32.Krap.q

ludino Messages postés 21 Date d'inscription   Statut Membre -  
ludino Messages postés 21 Date d'inscription   Statut Membre -
Bonjour,

J'ai un virus, impossible de le suprimer, mon antivirus me le détecte mais ne peut pas le suprimer.
Il me noet ce message: code dangereux détecté dans le fichier C:\WINDOWS\SYSTEM32\TUPABEZU.DLL et aussi
avec NONABEFA.DLL
J'ai fais un nettoyage avec CCLEANER.
Mais rien .
Aidez moi , je n'y connais rien en informatique.
Merci
Configuration: Windows XP

34 réponses

  • 1
  • 2
Résumé de la discussion

Le problème décrit concerne une infection virale sur Windows XP, détectée par l'antivirus mais non éradiquée, avec des messages d'alerte concernant des DLL système comme TUPABEZU.DLL et NONABEFA.DLL. Plusieurs solutions proposées incluent l'utilisation d'outils de nettoyage comme ComboFix, Malwarebytes et ToolBar S&D, avec des rapports détaillant des composants infectés, des suppressions prévues au redémarrage et des clés de registre modifiées. Les rapports montrent des infections Trojan.Vundo.H et Rogue, des entrées BHO modifiées et des exécutions planifiées, nécessitant des quarantaines, suppressions sur reboot et nettoyage des fichiers et répertoires concernés. En cas de persistance, des éléments comme des extensions et des paramètres de démarrage suggèrent une persistance via des modules, nécessitant des étapes supplémentaires pour un nettoyage approfondi.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. V-X
     
    Salut,

    ▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

    ▶ Double clique sur RSIT.exe pour lancer l'outil.

    ▶ Clique sur ' continue ' à l'écran Disclaimer.

    Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

    ▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
    ( log.txt & info.txt )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  2. ludino Messages postés 21 Date d'inscription   Statut Membre
     
    Salut,
    Voilà ce que j'obtient avec un scan de HIjackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:33:02, on 22/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Documents and Settings\rom\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7cf61770-f17f-4e7d-9e6b-89f91d961af1} - C:\WINDOWS\system32\zogonaha.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com ad=http://erreurchasseur.com sd=http://repay.erreurchasseur.com
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vobetalofe] Rundll32.exe "C:\WINDOWS\system32\nelonezi.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\rom\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ludivineln.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
    O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    O16 - DPF: {A90F4F01-CAA6-4A13-82ED-C3272CC8841B} (UploadPhoto.IconeaAX) - http://www.iconea.fr/apps/TransfertDePhoto_IconeaX.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CDBAE9BE-A55B-4A03-8604-896ECB7A0F1A} (UploadPhoto.IconeaAX) - http://www.iconea.fr/apps/TransfertDePhoto_IconeaX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\tupabezu.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
    0
  3. ludino Messages postés 21 Date d'inscription   Statut Membre
     
    Voici le rapport obtenu après un scan RSIT

    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Documents and Settings\rom\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\rom\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\rom.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7cf61770-f17f-4e7d-9e6b-89f91d961af1} - C:\WINDOWS\system32\zogonaha.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe" dm=http://erreurchasseur.com ad=http://erreurchasseur.com sd=http://repay.erreurchasseur.com
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [vobetalofe] Rundll32.exe "C:\WINDOWS\system32\nelonezi.dll",s
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\rom\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ludivineln.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
    O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    O16 - DPF: {A90F4F01-CAA6-4A13-82ED-C3272CC8841B} (UploadPhoto.IconeaAX) - http://www.iconea.fr/apps/TransfertDePhoto_IconeaX.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CDBAE9BE-A55B-4A03-8604-896ECB7A0F1A} (UploadPhoto.IconeaAX) - http://www.iconea.fr/apps/TransfertDePhoto_IconeaX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\tupabezu.dll
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
    0
  4. V-X
     
    Re,

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau

    !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

    ▶ Double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...

    ▶ Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .

    ▶ Choisis l'option 1 ( "recherche") et tapes "entrée" .

    ▶Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
    de son contenu dans ta prochaine réponse ...

    ( le rapport est en outre sauvegardé ici -> C:\TB.txt )

    Tutoriel Toolbard-S&D

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ludino Messages postés 21 Date d'inscription   Statut Membre
     
    Voici le rapport obtenu

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
    BIOS : Rev 1.0 XXX
    USER : rom ( Administrator )
    BOOT : Normal boot
    Antivirus : AntiVirus Firewall 6.15 6.15 (Activated)
    Firewall : AntiVirus Firewall 6.15 6.15 (Activated)
    C:\ (Local Disk) - NTFS - Total:37 Go (Free:16 Go)
    D:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 22/05/2009|13:59 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\Accoona
    C:\Program Files\Accoona\quiesce.exe
    C:\Program Files\Dealio
    C:\Program Files\Dealio\kb126
    C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
    C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
    C:\DOCUME~1\ludivine\APPLIC~1\Search Settings
    C:\DOCUME~1\ludivine\APPLIC~1\Search Settings\kb126
    C:\DOCUME~1\ludivine\APPLIC~1\Search Settings\kb126\temp
    C:\DOCUME~1\ludivine\APPLIC~1\Search Settings\kb126\temp\ws-14212.log
    C:\DOCUME~1\rom\APPLIC~1\Search Settings
    C:\DOCUME~1\rom\APPLIC~1\Search Settings\kb126
    C:\DOCUME~1\rom\APPLIC~1\Search Settings\kb126\res
    C:\DOCUME~1\rom\APPLIC~1\Search Settings\kb126\temp
    C:\DOCUME~1\rom\APPLIC~1\Search Settings\kb126\temp\ws-14385.log
    C:\DOCUME~1\rom\APPLIC~1\Search Settings\kb126\temp\ws-14386.log
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\kb126
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Search Settings\kb126\res
    C:\Program Files\Search Settings\kb126\SearchSettings.dll
    C:\Program Files\Search Settings\kb126\temp
    C:\WINDOWS\iun6002.exe

    -----------\\ Extensions

    (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    (rom) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (rom) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 22/05/2009|14:01 - Option : [1]

    -----------\\ Fin du rapport a 14:01:05,85
    0
  7. V-X
     
    Re,

    Fais ceci maintenant :

    ▶ Nettoyage avec ToolBar S&D :

    !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

    ▶Relances Toolbar-S&D en double-cliquant sur le raccourci.

    ▶ Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".

    Note : Ne touches à rien lors de la suppression !!

    ▶ Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  8. ludino Messages postés 21 Date d'inscription   Statut Membre
     
    On peut faire quelque chose, il n'est pas HS ?
    Le rapport obtenu est celui-ci :

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1.50GHz )
    BIOS : Rev 1.0 XXX
    USER : rom ( Administrator )
    BOOT : Normal boot
    Antivirus : AntiVirus Firewall 6.15 6.15 (Activated)
    Firewall : AntiVirus Firewall 6.15 6.15 (Activated)
    C:\ (Local Disk) - NTFS - Total:37 Go (Free:16 Go)
    D:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 22/05/2009|14:28 )

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\Accoona\quiesce.exe
    Supprime! - C:\Program Files\Dealio\kb126
    Supprime! - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
    Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
    Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
    Supprime! - C:\DOCUME~1\ludivine\APPLIC~1\Search Settings\kb126
    Supprime! - C:\DOCUME~1\rom\APPLIC~1\Search Settings\kb126
    Supprime! - C:\Program Files\Search Settings\kb126
    Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
    Supprime! - C:\WINDOWS\iun6002.exe
    Supprime! - C:\Program Files\Accoona
    Supprime! - C:\Program Files\Dealio
    Supprime! - C:\DOCUME~1\ludivine\APPLIC~1\Search Settings
    Supprime! - C:\DOCUME~1\rom\APPLIC~1\Search Settings
    Supprime! - C:\Program Files\Search Settings

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

    (rom) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
    (rom) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 22/05/2009|14:01 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 22/05/2009|14:35 - Option : [2]

    -----------\\ Fin du rapport a 14:35:36,88
    0
  9. V-X
     
    Re,

    Télécharge et installe MalwareByte's Anti-Malware
    Malwarebyte

    Mets le à jour

    ▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

    ▶ Sélectionne Exécuter un examen RAPIDE si ce n'est pas déjà fait

    ▶ clique sur Rechercher

    ▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

    Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

    Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

    Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

    Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

    Tutoriel pour MalwareByte's

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
    1. ludino Messages postés 21 Date d'inscription   Statut Membre
       
      J'ai un message comme quoi il n'a pas peu supprimer certains fichiers
      VOICI LE RAPPORT :
      Malwarebytes' Anti-Malware 1.36
      Version de la base de données: 2166
      Windows 5.1.2600 Service Pack 3

      22/05/2009 15:11:02
      mbam-log-2009-05-22 (15-11-02).txt

      Type de recherche: Examen rapide
      Eléments examinés: 102816
      Temps écoulé: 21 minute(s), 59 second(s)

      Processus mémoire infecté(s): 1
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 12
      Valeur(s) du Registre infectée(s): 6
      Elément(s) de données du Registre infecté(s): 3
      Dossier(s) infecté(s): 3
      Fichier(s) infecté(s): 26

      Processus mémoire infecté(s):
      C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe (Rogue.SystemErrorFixer) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      C:\WINDOWS\system32\tupabezu.dll (Trojan.Vundo.H) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7cf61770-f17f-4e7d-9e6b-89f91d961af1} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_CLASSES_ROOT\CLSID\{7cf61770-f17f-4e7d-9e6b-89f91d961af1} (Trojan.Vundo.H) -> Delete on reboot.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7cf61770-f17f-4e7d-9e6b-89f91d961af1} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vobetalofe (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\salestart (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Products\rdomain (Rogue.PCVirusless) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Products\prodname (Rogue.PCVirusless) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Products\compname (Rogue.PCVirusless) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\tupabezu.dll -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tupabezu.dll -> Delete on reboot.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      C:\Documents and Settings\rom\Local Settings\Temp\NI.UGA6PV_0001_N122M2910 (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\diyobela.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\aleboyid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\kinanefu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ufenanik.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vikefuto.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\otufekiv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\wofomobu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ubomofow.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\zadiyoju.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ujoyidaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\nelonezi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\zogonaha.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\tupabezu.dll (Trojan.Vundo.H) -> Delete on reboot.
      C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\fafereza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\lotugene.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\nuluvalo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\lakenade.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\jofifeti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\jovireha.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Documents and Settings\rom\Local Settings\Temp\NI.UGA6PV_0001_N122M2910\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\rom\Local Settings\Temp\NI.UGA6PV_0001_N122M2910\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\P3Package.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
      C:\Program Files\P4Package.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
      C:\Program Files\TMPGEnc.exe (Trojan.Alphabet) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\kudavori.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
      0
  10. V-X
     
    Re,

    Supprime la quarantaine de malwarebyte et refait un LOg avec RSIT.

    merci
    0
    1. ludino Messages postés 21 Date d'inscription   Statut Membre
       
      Je n'ai plus de message d'erreur, mais il est toujours lent es-ce normal ?
      Je n'ai plus de virus normalement?
      Merci
      0
  11. V-X
     
    Re,

    Refait moi un log avec RSIT et te donne la suite ce n'est pas fini.
    0
  12. ludino Messages postés 21 Date d'inscription   Statut Membre
     
    Voici le rapport
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by rom at 2009-05-22 17:48:03
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 16 GB (43%) free of 38 GB
    Total RAM: 494 MB (8% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:48:36, on 22/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Documents and Settings\rom\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Documents and Settings\rom\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\rom.exe
    C:\Documents and Settings\rom\Bureau\RSIT.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\rom\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {4F1E5B1AA-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ludivineln.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader4.cab
    O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    O16 - DPF: {A90F4F01-CAA6-4A13-82ED-C3272CC8841B} (UploadPhoto.IconeaAX) - http://www.iconea.fr/apps/TransfertDePhoto_IconeaX.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CDBAE9BE-A55B-4A03-8604-896ECB7A0F1A} (UploadPhoto.IconeaAX) - http://www.iconea.fr/apps/TransfertDePhoto_IconeaX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
    0
  13. V-X
     
    Re,

    Télécharge ComboFix (de sUBs) sur ton Bureau.

    /!\Désactive temporairement toute protection résidente /!\ (Antivirus, antispywares..)
    Double clique sur ComboFix.exe.
    Accepte la licence en cliquant sur Oui.
    Le programme va te demander si tu souhaites installer la Console de Récupération. C'est une précaution, au cas où l'ordinateur tomberait en panne. Je te conseille donc de l'installer, ça ne coûte rien, et ça pourrait potentiellement servir !
    Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

    Aide :Comment utiliser ComboFix.

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  14. ludino Messages postés 21 Date d'inscription   Statut Membre
     
    Voici le rapport de combofix :

    ComboFix 09-05-21.08 - rom 22/05/2009 18:06.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.494.222 [GMT 2:00]
    Lancé depuis: c:\documents and settings\rom\Bureau\ComboFix.exe
    AV: AntiVirus Firewall 6.15 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: AntiVirus Firewall 6.15 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\rom\Application Data\inst.exe
    c:\documents and settings\rom\ResErrors.log
    c:\windows\SW_Win2146X32.DLL
    c:\windows\system32\evodahuj.ini
    c:\windows\system32\hanelawi.dll.tmp
    c:\windows\system32\nuteyozo.dll
    c:\windows\system32\tetomibi.dll
    c:\windows\system32\wutokivu.dll.tmp
    c:\windows\system32\zamupuho.dll
    c:\windows\system32\zeroruta.dll.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DHLP
    -------\Legacy_NNSERV
    -------\Service_NNServ

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-22 au 2009-05-22 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-22 12:46 . 2009-05-22 12:46 -------- d-----w c:\documents and settings\rom\Application Data\Malwarebytes
    2009-05-22 12:45 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-22 12:45 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-22 12:45 . 2009-05-22 12:45 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-22 12:45 . 2009-05-22 13:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-22 11:58 . 2009-05-22 12:35 -------- d-----w C:\ToolBar SD
    2009-05-22 10:41 . 2009-05-22 15:50 -------- d-----w C:\rsit
    2009-05-22 07:02 . 2009-05-22 07:02 -------- d-----w c:\program files\Trend Micro
    2009-05-21 19:43 . 2009-05-21 19:43 -------- d-sh--w c:\documents and settings\Administrateur\IETldCache
    2009-05-21 18:35 . 2009-05-21 18:36 -------- d-----w c:\program files\CCleaner
    2009-05-11 19:08 . 2009-05-11 19:08 -------- d-sh--w c:\documents and settings\rom\IECompatCache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-22 13:10 . 2008-02-10 11:55 -------- d-----w c:\program files\Fichiers communs\ErreurChasseur
    2009-04-24 11:28 . 2004-12-07 05:12 474554 ----a-w c:\windows\system32\perfh00C.dat
    2009-04-24 11:28 . 2004-12-07 05:12 77236 ----a-w c:\windows\system32\perfc00C.dat
    2009-04-19 17:51 . 2009-04-19 17:51 -------- d-----w c:\documents and settings\rom\Application Data\GARMIN
    2009-04-18 05:55 . 2008-09-24 18:16 1878984 ----a-w c:\documents and settings\rom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2009-04-16 05:52 . 2006-10-17 20:27 -------- d-----w c:\program files\Google
    2009-04-10 17:29 . 2008-02-28 14:50 -------- d-----w c:\program files\Windows Live
    2009-04-10 14:26 . 2005-05-30 08:57 96520 ----a-w c:\documents and settings\rom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-10 14:12 . 2009-04-10 14:12 -------- d-----w c:\program files\Windows Live SkyDrive
    2009-04-10 13:57 . 2009-04-10 13:57 -------- d-----w c:\program files\Fichiers communs\Windows Live
    2009-03-28 14:12 . 2009-03-28 14:12 -------- d-----w c:\program files\Investintech.com Inc
    2009-03-27 19:07 . 2009-03-27 19:07 86576 ----a-w c:\documents and settings\rom\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
    2009-03-27 19:07 . 2009-03-27 19:07 132672 ----a-w c:\documents and settings\rom\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
    2009-03-27 19:07 . 2009-03-27 19:07 392728 ----a-w c:\documents and settings\rom\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
    2009-03-27 19:07 . 2009-03-27 19:07 135680 ----a-w c:\documents and settings\rom\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    2009-03-08 03:34 . 2004-12-07 05:12 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 03:34 . 2004-12-07 05:11 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 03:33 . 2004-12-07 05:11 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 03:33 . 2004-12-07 05:12 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 03:32 . 2004-12-07 05:11 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 03:32 . 2004-12-07 05:11 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 03:31 . 2004-12-07 05:11 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 03:31 . 2004-12-07 05:12 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 03:31 . 2004-12-07 05:12 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 03:22 . 2004-12-07 05:12 156160 ----a-w c:\windows\system32\msls31.dll
    2009-03-06 14:20 . 2004-12-07 05:12 286720 ----a-w c:\windows\system32\pdh.dll
    2007-02-24 14:16 . 2007-01-20 08:28 9216 --sha-w c:\program files\Thumbs.db
    2007-01-09 19:36 . 2007-01-09 19:36 10132443 ----a-w c:\program files\SmartGenealogy.zip
    2006-09-17 09:50 . 2003-09-16 11:14 900096 ----a-w c:\program files\TMPGEnc.vfp
    2006-09-17 09:50 . 2003-09-16 11:14 4865 ----a-w c:\program files\TMPGEnc.acf
    2006-09-17 09:50 . 2003-09-16 11:14 172032 ----a-w c:\program files\Resample.dll
    2006-09-17 09:50 . 2003-09-16 11:14 936 ----a-w c:\program files\Readme.big5.txt
    2006-09-17 09:50 . 2003-09-16 11:14 2241 ----a-w c:\program files\License.fr.txt
    2006-09-17 09:50 . 2003-09-16 11:14 1341 ----a-w c:\program files\Readme.fr.txt
    2001-10-28 14:27 . 2001-10-28 14:27 182784 ----a-w c:\program files\dict.avi
    2001-09-16 18:44 . 2001-09-16 18:44 33085 ----a-w c:\program files\maj.bat
    1999-03-21 14:56 . 1999-03-21 14:56 31 ----a-w c:\program files\language.ini
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
    "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2004-12-01 1089536]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
    "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-11-17 1077327]
    "SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-11-15 118784]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "F-Secure Manager"="c:\program files\Securitoo\av_fw\Common\FSM32.EXE" [2005-10-26 122929]
    "F-Secure TNB"="c:\program files\Securitoo\av_fw\TNB\TNBUtil.exe" [2005-07-18 700416]
    "F-Secure Startup Wizard"="c:\program files\Securitoo\av_fw\FSGUI\FSSW.EXE" [2005-10-18 372736]
    "News Service"="c:\program files\Securitoo\av_fw\FSGUI\ispnews.exe" [2005-05-31 356352]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
    "NDSTray.exe"="NDSTray.exe" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\rom\Menu D‚marrer\Programmes\D‚marrage\
    Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
    Notification de cadeaux MSN.lnk - c:\documents and settings\rom\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-3-27 135680]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Antivirus Firewall.lnk - c:\program files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe [2007-11-15 32807]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"=hex(2):58,50,69,7a,65,5f,4c,6f,67,6f,6e,2e,65,78,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Securitoo\\av_fw\\backweb\\7431218\\Program\\fspex.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Source Engine\\OSE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "16195:TCP"= 16195:TCP:BitComet 16195 TCP
    "16195:UDP"= 16195:UDP:BitComet 16195 UDP

    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [15/11/2007 19:12 70896]
    R1 SMBHC;Pilote de contrôleur hôte du bus de gestion du système Microsoft;c:\windows\system32\drivers\smbhc.sys [07/12/2004 08:23 6784]
    R2 BackWeb Plug-in - 7431218;Antivirus Firewall;c:\progra~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE [15/11/2007 18:48 32807]
    R2 F-Secure Filter;F-Secure File System Filter;c:\program files\Securitoo\av_fw\Anti-Virus\win2k\FSfilter.sys [04/11/2005 14:28 48720]
    R2 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Securitoo\av_fw\Anti-Virus\win2k\fsgk.sys [04/11/2005 14:28 62176]
    R2 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Securitoo\av_fw\Anti-Virus\win2k\FSrec.sys [04/11/2005 14:28 16816]
    R3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [07/12/2004 08:19 155392]
    R3 SMBBATT;Pilote de batterie intelligente Microsoft;c:\windows\system32\drivers\smbbatt.sys [07/12/2004 08:23 16000]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]

    2005-05-14 c:\windows\Tasks\Rappel d'enregistrement 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2004-12-07 02:34]

    2009-05-22 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\SECURI~1\av_fw\ANTI-V~1\fsav.exe [2005-11-04 19:56]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title =
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Bloquer cette fenêtre publicitaire - c:\program files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
    DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    DPF: {A90F4F01-CAA6-4A13-82ED-C3272CC8841B} - hxxp://www.iconea.fr/apps/TransfertDePhoto_IconeaX.CAB
    DPF: {CDBAE9BE-A55B-4A03-8604-896ECB7A0F1A} - hxxp://www.iconea.fr/apps/TransfertDePhoto_IconeaX.CAB
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-22 18:13
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(640)
    c:\program files\Securitoo\av_fw\FWES\Program\fsdc.dll

    - - - - - - - > 'lsass.exe'(696)
    c:\program files\Securitoo\av_fw\FWES\Program\fsdc.dll

    - - - - - - - > 'explorer.exe'(2328)
    c:\windows\system32\SynTPFcs.dll
    c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll

    - - - - - - - > 'csrss.exe'(616)
    c:\program files\Securitoo\av_fw\FWES\Program\fsdc.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Toshiba\ConfigFree\CFSvcs.exe
    c:\program files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    c:\program files\Securitoo\av_fw\backweb\7431218\Program\fsbwsys.exe
    c:\program files\Securitoo\av_fw\Anti-Virus\fsgk32.exe
    c:\program files\Securitoo\av_fw\Common\FSMA32.EXE
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    c:\program files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    c:\program files\Securitoo\av_fw\Common\FSMB32.EXE
    c:\program files\Securitoo\av_fw\Common\FCH32.EXE
    c:\program files\Securitoo\av_fw\Common\FAMEH32.EXE
    c:\program files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    c:\program files\Securitoo\av_fw\Anti-Virus\FSRW.exe
    c:\program files\Securitoo\av_fw\FWES\program\fsdfwd.exe
    c:\program files\Securitoo\av_fw\Anti-Virus\FSAV32.exe
    c:\program files\Toshiba\ConfigFree\NDSTray.exe
    c:\windows\system32\igfxext.exe
    c:\program files\Securitoo\av_fw\FSGUI\fsguidll.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-22 18:20 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-22 16:20

    Avant-CF: 17 070 620 672 octets libres
    Après-CF: 17 495 384 064 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /noguiboot /bootlogo

    224 --- E O F --- 2009-05-22 15:25
    0
  15. V-X
     
    Re,

    DESINSTALLER COMBOFIX

    ComboFix /u

    * Clique sur Démarrer, puis sur Exécuter: une fenêtre d'invite s'ouvre.
    * Colle la ligne que tu as préalablement copiée dans la fenêtre d'invite

    http://img362.imageshack.us/img362/4190/20080629180121lz8.jpg

    Appuie sur OK pour valider
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Redémarre ton pc normalement et refait un scan COMPLET avec Malwarebyte.

    ++
    0
    1. ludino Messages postés 21 Date d'inscription   Statut Membre
       
      Excuse je ne comprend cette phrase : Colle la ligne que tu as préalablement copiée dans la fenêtre d'invite

      Peux tu m'expliquer ?
      Merci
      0
  16. ludino Messages postés 21 Date d'inscription   Statut Membre
     
    Non c'est bon je viens de comprendre.
    Y pas de soucis, je m'excuse mais je fais plusieurs en même temps
    Merci
    0
  17. ludino Messages postés 21 Date d'inscription   Statut Membre
     
    Je viens de terminer le scan complet avec Malwarebyte.
    Il ne détecte pas d'infection.

    Merci , pour tes réponses rapides.
    0
  18. ludino Messages postés 21 Date d'inscription   Statut Membre
     
    vOICI LE RAPPORT DU LOG RSIT :
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by rom at 2009-05-23 07:49:19
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 19 GB (49%) free of 38 GB
    Total RAM: 494 MB (19% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:51:58, on 23/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Documents and Settings\rom\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Documents and Settings\rom\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\rom.exe
    C:\WINDOWS\system32\rundll32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\rom\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ludivineln.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
    O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    O16 - DPF: {A90F4F01-CAA6-4A13-82ED-C3272CC8841B} (UploadPhoto.IconeaAX) - http://www.iconea.fr/apps/TransfertDePhoto_IconeaX.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CDBAE9BE-A55B-4A03-8604-896ECB7A0F1A} (UploadPhoto.IconeaAX) - http://www.iconea.fr/apps/TransfertDePhoto_IconeaX.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    0
  19. V-X
     
    Re,

    ---> Télécharge OTM (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :

    :processes
    explorer.exe

    :files
    C:\Program Files\Fichiers communs\ErreurChasseur

    :commands
    [purity]
    [emptytemp]
    [start explorer]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log
    0
  20. ludino Messages postés 21 Date d'inscription   Statut Membre
     
    Voici le rapport :

    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    C:\Program Files\Fichiers communs\ErreurChasseur moved successfully.
    ========== COMMANDS ==========
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\rom\Local Settings\Temporary Internet Files\Content.IE5\Z92B0FO9\affich-12558142-sos-virus-packed-win32-krap-q[1].txt scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\rom\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    Local Service Temp folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05232009_081908

    Files moved on Reboot...
    File C:\Documents and Settings\rom\Local Settings\Temporary Internet Files\Content.IE5\Z92B0FO9\affich-12558142-sos-virus-packed-win32-krap-q[1].txt not found!
    0
  • 1
  • 2