Viruuuus !

Besoin d'aide =) -  
 Utilisateur anonyme -
Bonjour,
Alors moi aussi j'ai recu ce fameux vurus par MNS
Nom du fichier : G:\autorun.inf
Nom du fichier malveillant : VBS:Malware-gen
Type de logiciel malveillant : Virus/Ver
Version VPS : 091226-1, 26/12/2009

Silvouplaii keske jdoii faiire exactement pour le supprimé !
Mercii dvotre aide =D
Configuration: Windows XP
Firefox 3.5.6

22 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    >Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.

    • Double-clique sur RSIT.exe afin de lancer RSIT.

    • Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

    • RSIT téléchargera Hijackthis (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    • Poste le contenu de log.txt.

    • Tuto : https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
    3
    1. Tchoup'S Messages postés 25 Statut Membre
       
      VOILA LE CONTENU
      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Propriétaire at 2009-12-27 01:25:23
      Microsoft Windows XP Édition familiale Service Pack 1
      System drive C: has 708 MB (1%) free of 73 GB
      Total RAM: 511 MB (26% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 01:25:57, on 27/12/2009
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\windows\system\hpsysdrv.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\HP\KBD\KBD.EXE
      C:\WINDOWS\ALCXMNTR.EXE
      C:\Documents and Settings\Propriétaire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\EoRezo\eorezo.exe
      C:\Program Files\Ares\Ares.exe
      C:\Program Files\Winsudate\gibusr.exe
      C:\documents and settings\propriétaire\local settings\application data\msafmkre.exe
      C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\WINDOWS\rndll.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Winsudate\gibsvc.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Java\jre6\bin\jucheck.exe
      C:\Documents and Settings\Propriétaire\Mes documents\Téléchargements\RSIT.exe
      C:\Program Files\trend micro\Propriétaire.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.postarticles.net
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qfr10.hpwis.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: EOBHO - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - C:\Program Files\EoRezo\EoRezoBHO.dll
      O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Propriétaire\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe"
      O4 - HKLM\..\Run: [eorezo] "C:\Program Files\EoRezo\eorezo.exe"
      O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
      O4 - HKCU\..\Run: [msafmkre] "c:\documents and settings\propriétaire\local settings\application data\msafmkre.exe" msafmkre
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - Startup: Notification de cadeaux MSN.lnk = ?
      O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
      O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
      O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
      0
  2. coolvirus Messages postés 138 Statut Membre 1
     
    ouais si tu veux quil se propage tu le laisse si non tu le surpimé mdrrrrrrrrrrrrrrr
    0
  3. Tchoup'S Messages postés 25 Statut Membre
     
    Moi jsuiis vraiment nuul l'indant
    0
  4. Utilisateur anonyme
     
    ▶ Télécharge Ad-remover ( de C_XX ) sur ton bureau :

    ▶ Déconnecte toi et ferme toutes applications en cours !

    ▶ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

    ▶ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

    ▶ Au menu principal choisis l'option "L" et tape sur [entrée] .

    ▶ Laisse travailler l'outil et ne touche à rien ...

    ▶ Poste le rapport qui apparait à la fin , sur le forum ...

    ( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    ▶ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Tchoup'S Messages postés 25 Statut Membre
     
    Mercii beaucoup je fais sa tout de suite et je colle le rappor !
    0
  7. Tchoup'S Messages postés 25 Statut Membre
     
    .MERCI VRAIMENT ! VOICI LE RESULTAT
    ======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
    .
    Mit à jour par C_XX le 26.12.2009 à 20:47
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 2:02:29, 27/12/2009 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-Remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 1 v5.1.2600
    Nom du PC: NOM-OGL2XDJJQAE | Utilisateur actuel: Propri‚taire

    Bonnes fêtes de fin d'année à vous tous :)
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    Service: WinSvc

    C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\liveplayer_exe.dat
    C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\liveplayer_skin.dat
    C:\WINDOWS\pack.epk
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar2
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Live-Player
    C:\Program Files\AskTBar
    C:\Program Files\EoRezo
    C:\Program Files\Kiwee Toolbar2
    C:\Program Files\Live-Player
    C:\Program Files\Viewpoint
    C:\Program Files\Winsudate
    C:\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo
    C:\DOCUME~1\PROPRI~1\APPLIC~1\ItsLabel
    C:\DOCUME~1\PROPRI~1\APPLIC~1\live-player
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar2
    C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\EoRezo
    C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\Kiwee Toolbar2
    C:\DOCUME~1\PROPRI~1\Bureau\Live-Player.lnk
    C:\DOCUME~1\ALLUSE~1\Bureau\Continue Europa Casino setup.lnk
    C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\msafmkre.dat
    C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\msafmkre.exe
    C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\msafmkre_nav.dat
    C:\Documents and Settings\Propri‚taire\Local Settings\Application Data\msafmkre_navps.dat

    (!) -- Fichiers temporaires supprimés.

    .
    HKCU\software\EoRezo
    HKCU\software\fcn
    HKCU\software\Live-Player
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\msafmkre
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WinUsr
    HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKLM\software\classes\appid\EoRezoBHO.DLL
    HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
    HKLM\Software\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
    HKLM\software\classes\EoRezoBHO.EoBHO
    HKLM\software\classes\EoRezoBHO.EoBHO.1
    HKLM\Software\Classes\Interface\{819DB72D-1C28-4387-9778-E2FF3DC86F74}
    HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}
    HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}
    HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKLM\software\EoRezo
    HKLM\software\Live-Player
    HKLM\software\microsoft\shared tools\msconfig\startupreg\EoEngine
    HKLM\software\microsoft\shared tools\msconfig\startupreg\SoftwareHelper
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper
    HKLM\SYSTEM\ControlSet003\Services\winsvc
    HKU\.default\software\EoRezo
    .
    ============== Scan additionnel ==============
    .
    .
    * Mozilla FireFox Version 3.5.6 [fr] *
    .
    Nom du profil: 708vdllo.default (Propri‚taire)
    .
    (PROPRI~1, Invalidprefs.js) Browser.search.defaultenginename, Chercher Malin
    (PROPRI~1, Invalidprefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    (PROPRI~1, Invalidprefs.js) Browser.search.selectedEngine, Chercher Malin
    (PROPRI~1, Invalidprefs.js) Browser.startup.homepage, hxxp://www.cherchermalin.com/?t=Q0908143499&s=h
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    .
    (PROPRI~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Propriétaire\Mes documents\Téléchargements
    (PROPRI~1, prefs.js) Browser.search.defaultenginename, Chercher Malin
    (PROPRI~1, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    (PROPRI~1, prefs.js) Browser.search.selectedEngine, Google
    (PROPRI~1, prefs.js) Browser.startup.homepage, hxxp://www.searcheo.fr/pratique
    (PROPRI~1, prefs.js) Extensions.enabledItems, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1,ar@dictionaries.addons.mozilla.org:2.0.20080110,fr@dictionaries.addons.mozilla.org:2.1,{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.9,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,jqs@sun.com:1.0,{d9284e50-81fc-11da-a72b-0800200c9a66}:6.2.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
    (PROPRI~1, prefs.js) Keyword.URL, hxxp://www.searcheo.fr/pratique?search&q=
    .
    .
    * Internet Explorer Version 6.0.2800.1106 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Do404Search: 01000000
    Local Page: C:\WINDOWS\System32\blank.htm
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Use Custom Search URL: 1 (0x1)
    Use Search Asst: no
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    Start Page: hxxp://fr.msn.com/
    Search Bar: hxxp://search.msn.com/spbasic.htm
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    .
    ===================================
    .
    6356 Octet(s) - C:\Ad-Report-CLEAN[1].log
    .
    0 Fichier(s) - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
    3 Fichier(s) - C:\WINDOWS\Temp
    7 Fichier(s) - C:\WINDOWS\Prefetch
    .
    18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
    264 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
    .
    Fin à: 2:13:03 | 27/12/2009 - CLEAN[1]
    .
    ============== E.O.F ==============
    .
    0
    1. Tchoup'S Messages postés 25 Statut Membre
       
      Merci pour votre aide j'attend la suiite pour demain svp .. la je vais me coucher =)
      Bonne soiré . et a Demain Mercii !
      0
  8. Utilisateur anonyme
     
    Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    ▶ Télécharge :

    Malwarebytes

    ou :

    Malwarebytes

    ▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

    (NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

    ▶ Potasses le Tuto pour te familiariser avec le prg :

    ( cela dit, il est très simple d'utilisation ).

    relance malwarebytes en suivant scrupuleusement ces consignes :

    ! Déconnecte toi et ferme toutes applications en cours !

    ▶ Lance Malwarebyte's .

    Fais un examen dit "Complet" .

    ▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    ▶ à la fin tu cliques sur "résultat" .
    Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

    0
  9. Tchoup'S Messages postés 25 Statut Membre
     
    Mercii je fais sa maintenent et je poste le rapport =D
    0
  10. Tchoup'S Messages postés 25 Statut Membre
     
    J'aii un petit soucis
    Quand je met RAPPORT COMPLET on me demande de selectionné le lecteur a examiné !
    il y a le lecteur A :/ C:/ D:/ E:/ F:/ G:/ Maiis il y a ke le lecteur C:/ et D:/ qui sont coché !
    QUE DOIT JE FAIRE
    0
  11. Tchoup'S Messages postés 25 Statut Membre
     
    Le rapport est terminé MAIS L'ORDINATEUR A REDERMARRé Ou est il enregistré ?
    0
  12. Utilisateur anonyme
     
    Ouvre Malwarebyte's / Onglet Log, rapports / Copie sont intégralité et envoie le dans ta prochaine réponse.
    0
  13. Tchoup'S Messages postés 25 Statut Membre
     
    MERCI VOILAA LE RAPPORT ::
    Malwarebytes' Anti-Malware 1.42
    Version de la base de données: 3441
    Windows 5.1.2600 Service Pack 1
    Internet Explorer 6.0.2800.1106

    28/12/2009 01:17:33
    mbam-log-2009-12-28 (01-17-33).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 226358
    Temps écoulé: 1 hour(s), 12 minute(s), 35 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 80

    Processus mémoire infecté(s):
    C:\WINDOWS\rndll.exe (BackdoorBot) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firevall administrating (BackdoorBot) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://www.postarticles.net) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Documents and Settings\Propriétaire\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propriétaire\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\07WCKS25\gibupt[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\07WCKS25\gibusr[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O7Z9STUM\gibsvc[1].exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z9MOSO1A\gibcom[1].dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z9MOSO1A\gibidl[1].dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo\SOFTWA~1\SOFTWA\SoftwareUpdate.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\DOCUME~1\PROPRI~1\APPLIC~1\EoRezo\SOFTWA~1\SOFTWA\SoftwareUpdateHP.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\EoRezo\EOA99\EoRezoBHO.dll.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\EoRezo\EoAdv\EoAdv\EoAdv.dll.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\EoRezo\EoEng\EoEngine.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\EoRezo\eorez\eorezo.exe.vir (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibcom\gibcom.dll.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibidl\gibidl.dll.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibsvc\gibsvc.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibupt\gibupt.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WINSUD~1\gibusr\gibusr.exe.vir (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0042974.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0042976.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0042977.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0042978.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043001.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043031.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043032.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043033.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043034.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043035.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043037.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP241\A0043038.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Propriétaire\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    C:\WINDOWS\image02.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\image020.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\image023.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\image026.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\image035.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\image044.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\image05.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\image083.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\image086.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\image092.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\images18.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\images21.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\images24.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\images33.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\images66.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\images72.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\images81.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\images90.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\images96.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo0.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo18.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo21.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo27.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo30.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo39.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo63.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo72.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo78.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo84.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photos2007_13.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photos2007_16.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photos2007_22.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photos2007_34.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photos2007_64.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photos2007_76.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photos2007_85.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photos2007_88.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photos2007_94.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album1.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album25.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album37.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album43.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album49.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album58.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album7.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album73.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album79.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album82.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album88.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\photo_album91.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
    C:\WINDOWS\rndll.exe (BackdoorBot) -> Quarantined and deleted successfully.
    0
  14. Utilisateur anonyme
     
    Vide la qurantaine de Malwarebyte's :

    > Lance Malwarebyte's
    > Onglet quarantaine
    > Supprimer tout

    Et refait moi un rapport RSIT stp =)
    https://forums.commentcamarche.net/forum/affich-15848347-viruuuus#1
    0
    1. Tchoup'S Messages postés 25 Statut Membre
       
      VOILA LE RAPPORT RSIT ::

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Propriétaire at 2009-12-29 00:36:15
      Microsoft Windows XP Édition familiale Service Pack 1
      System drive C: has 1 GB (2%) free of 73 GB
      Total RAM: 511 MB (23% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:36:34, on 29/12/2009
      Platform: Windows XP SP1 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\windows\system\hpsysdrv.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\HP\KBD\KBD.EXE
      C:\WINDOWS\ALCXMNTR.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Ares\Ares.exe
      C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\System32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Documents and Settings\Propriétaire\Mes documents\Téléchargements\RSIT(2).exe
      C:\Program Files\trend micro\Propriétaire.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe"
      O4 - HKLM\..\Run: [eorezo] "C:\Program Files\EoRezo\eorezo.exe"
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - Startup: Notification de cadeaux MSN.lnk = ?
      O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
      O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
      O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe (file missing)
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      0
  15. Tchoup'S Messages postés 25 Statut Membre
     
    Daccor je fais sa maintenent =D
    0
  16. Tchoup'S Messages postés 25 Statut Membre
     
    eske je doi tou fermé comme le premier rappor ?!
    0
  17. Utilisateur anonyme
     
    Repasse Ad-Remover en option L et envoie le rapport.
    0
  18. Tchoup'S Messages postés 25 Statut Membre
     
    MERCI ET VOICI LE RAPPORT ::
    ======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
    .
    Mit à jour par C_XX le 26.12.2009 à 20:47
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 1:24:58, 30/12/2009 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-Remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 1 v5.1.2600
    Nom du PC: NOM-OGL2XDJJQAE | Utilisateur actuel: Propri‚taire

    Bonnes fêtes de fin d'année à vous tous :)
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .

    (!) -- Fichiers temporaires supprimés.

    .
    .
    ============== Scan additionnel ==============
    .
    .
    * Mozilla FireFox Version 3.5.6 [fr] *
    .
    Nom du profil: 708vdllo.default (Propri‚taire)
    .
    (PROPRI~1, Invalidprefs.js) Browser.search.defaultenginename, Chercher Malin
    (PROPRI~1, Invalidprefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    (PROPRI~1, Invalidprefs.js) Browser.search.selectedEngine, Chercher Malin
    (PROPRI~1, Invalidprefs.js) Browser.startup.homepage, hxxp://www.cherchermalin.com/?t=Q0908143499&s=h
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    (PROPRI~1, Invalidprefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
    .
    (PROPRI~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Propriétaire\Mes documents\MES IMAGES\PhOto Neejma\LOGO'S
    (PROPRI~1, prefs.js) Browser.search.defaultenginename, Chercher Malin
    (PROPRI~1, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    (PROPRI~1, prefs.js) Browser.search.selectedEngine, Google
    (PROPRI~1, prefs.js) Browser.startup.homepage, hxxp://www.searcheo.fr/pratique
    (PROPRI~1, prefs.js) Extensions.enabledItems, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1,ar@dictionaries.addons.mozilla.org:2.0.20080110,fr@dictionaries.addons.mozilla.org:2.1,{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.9,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,jqs@sun.com:1.0,{d9284e50-81fc-11da-a72b-0800200c9a66}:6.2.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
    (PROPRI~1, prefs.js) Keyword.URL, hxxp://www.searcheo.fr/pratique?search&q=
    .
    .
    * Internet Explorer Version 6.0.2800.1106 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Do404Search: 01000000
    Local Page: C:\WINDOWS\System32\blank.htm
    Show_ToolBar: yes
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Use Custom Search URL: 1 (0x1)
    Use Search Asst: no
    Start Page: hxxp://fr.msn.com/
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    Start Page: hxxp://fr.msn.com/
    Search Bar: hxxp://search.msn.com/spbasic.htm
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    .
    ===================================
    .
    6725 Octet(s) - C:\Ad-Report-CLEAN[1].log
    3800 Octet(s) - C:\Ad-Report-CLEAN[2].log
    .
    0 Fichier(s) - C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
    3 Fichier(s) - C:\WINDOWS\Temp
    6 Fichier(s) - C:\WINDOWS\Prefetch
    .
    35 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
    253 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
    .
    Fin à: 1:30:30 | 30/12/2009 - CLEAN[2]
    .
    ============== E.O.F ==============
    .
    0
  19. Utilisateur anonyme
     
    Supprime manuellement ceci : C:\Program Files\EoRezo\eorezo.exe

    Et refait moi un RSIT.
    0
  20. Tchoup'S Messages postés 25 Statut Membre
     
    Je le supprime où ?? Où est enregistré le fichier ?
    0
  • 1
  • 2