Viruses that keep multiplying.
Solved
Boorun
Hello,
I'll start from the beginning:
About 3 months ago I got my computer back from repair. When I got it back there was an antivirus installed on it (Avira AntiVir). From time to time I ran a scan and it found viruses, Trojan horses and so on.
Since I'm only a beginner, I thought running a scan was enough to delete the viruses, but apparently not!
As a result I now have more than 300 viruses that keep multiplying; in 1 hour about a hundred appeared.
My question is: how can I delete them without having to format my computer?
Is there a program or a procedure to delete them?
Thanks in advance.
36 replies
Hello
* Download UsbFix http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe (by Chiquitine29 & C_XX) to your Desktop.
/!\ Vista and Windows 7 users: do not forget to disable User Account Control
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
* Run the installation with the default settings.
* Plug your external storage devices into your PC (USB stick, external hard drive, SD card, etc.) without opening them.
* Double-click the UsbFix shortcut on your Desktop.
* Choose option 1 (Search).
* Let the tool work.
* Post the UsbFix.txt report.
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes.
THEN
do this to get an accurate diagnosis of the situation:
Download ZHPDiag (by Nicolas Coolman) to your desktop:
-> https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
!! disconnect and close all your running applications !!
> double-click "ZHPDiag.exe" to start installing the tool and follow the prompts (do not change the installation settings, and make sure to tick the "create a desktop icon" box so that you get the "ZHPDiag" and "ZHPFix" shortcuts).
> Launch ZHPDiag from the desktop shortcut.
> Once ZHPDiag is open, click the "option" button at the top right.
(the one with the screwdriver)
A list appears in the main panel > check that all lines are ticked except 045 and 061 (important!).
> Then click the "magnifying glass" button (top left) to start the scan.
Let the tool work...
> Once it has finished, the report is displayed: click the "floppy disk" button to save the report...
Save ZHPDiag.txt somewhere you can easily find it (on the desktop, for example).
(Otherwise the report will also be saved in this folder > C:\Program files\ZHPDiag)
Then close the program...
> then go to this site: http://www.cijoint.fr/
Click "browse" and navigate to the report you saved.
Then click "click here to upload the file" and wait...
Once the upload has finished, a link appears > copy/paste it into your next reply please....
I'm already posting the UsbFix .txt file, that's at least one thing done:
############################## | UsbFix V6.100 |
User : Ordinateur (Administrateurs) # Y4097797H
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 12:05:13 | 20/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Celeron(R) M processor 1500MHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
C:\ -> Disque fixe local # 37,25 Go (28,49 Go free) [Disque C:] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 1,95 Go (1,25 Go free) [USB ERWAN] # FAT
################## | Elements infectieux |
C:\DOCUME~1\ORDINA~1\APPLIC~1\SystemProc
C:\ARK1.tmp
################## | Registre |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "RTHDBPL"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{3d94cf30-eff8-11de-8878-000e7bc2ae2b}
Shell\AutoRun\command =F:\PQRTCEFH.EXE
HKCU\..\..\Explorer\MountPoints2\{41b1f110-16c2-11d9-9758-806d6172696f}
Shell\AutoRun\command =D:\browser.exe
HKCU\..\..\Explorer\MountPoints2\{7b595e97-ee3f-11de-8873-000e7bc2ae2b}
Shell\AutoRun\command =F:\LAUNCHER.EXE
HKCU\..\..\Explorer\MountPoints2\{aa1e6971-3919-11dd-8147-000e7bd71c29}
Shell\AutoRun\command =E:\setupSNK.exe
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné !
################## | ! Fin du rapport # UsbFix V6.100 ! |
Removal
Plug in the external storage devices (USB stick, external hard drive, ...) that may have been infected, without opening them
(1) Double-click the UsbFix shortcut on your desktop
(2) Choose option 2 (Removal)
Your desktop will disappear and the PC will restart.
On restart, UsbFix will scan your PC; let the tool work.
Then post the UsbFix.txt report that will appear along with the desktop.
Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
run UsbFix option 2 as explained
then
Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3
or here: https://sites.google.com/site/toolbarsd/
* Start the installation of the program by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the letter of your choice and confirming with the Enter key.
* Now choose option 2. Wait until the search has finished.
* Post the generated report. (C:\TB.txt)
Tutorial:
https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/
############################## | UsbFix V6.100 |
User : Ordinateur (Administrateurs) # Y4097797H
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 12:27:16 | 20/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Celeron(R) M processor 1500MHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local # 37,25 Go (28,47 Go free) [Disque C:] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible # 1,95 Go (1,25 Go free) [USB ERWAN] # FAT
################## | Elements infectieux |
Supprimé ! C:\DOCUME~1\ORDINA~1\APPLIC~1\SystemProc
Supprimé ! C:\Recycler\S-1-5-21-2414160320-4238490006-2647119315-1006
Supprimé ! C:\Recycler\S-1-5-21-515967899-789336058-1060284298-1003
################## | Registre |
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "RTHDBPL"
That is, I had a problem: when my computer restarted to run UsbFix, Avira windows were opening every 2 seconds, so the report wasn't making progress.
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1500MHz )
BIOS : v1.3C
USER : Ordinateur ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:28 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB) - FAT - Total:1999 Mo (Free:1 Go)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 20/03/2010|13:26 )
-----------\\ SUPPRESSION
Echec ! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\Program Files\DAEMON Tools Toolbar
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(LocalService) - {d7bf73c0-68a9-40e7-adbc-af98e7c24de1} => xulcache
(Ordinateur) - {d7bf73c0-68a9-40e7-adbc-af98e7c24de1} => xulcache
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://google/"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\ORDINA~1\LOCALS~1\APPLIC~1\byolawtj.dat
C:\DOCUME~1\ORDINA~1\LOCALS~1\APPLIC~1\byolawtj.exe
C:\DOCUME~1\ORDINA~1\LOCALS~1\APPLIC~1\byolawtj_nav.dat
C:\DOCUME~1\ORDINA~1\LOCALS~1\APPLIC~1\byolawtj_navps.dat
==> EGDACCESS <==
1 - "C:\ToolBar SD\TB_1.txt" - 20/03/2010|13:27 - Option : [2]
-----------\\ Fin du rapport a 13:27:18,62
Download Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the Check for Updates button
. If the firewall asks for permission for Malwarebytes to connect, accept
. Once the update has finished
. Go to the Scanner tab
. Select Perform full scan (a fairly long scan)
. Click Scan
. The scan starts.
. At the end of the scan, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select everything (or leave the items ticked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the Logs tab
. Click on it to display it; once it is displayed
. Click Edit at the top of Notepad, then Select All
. Click Edit again, then Copy, and come back to the forum and, in your reply,
. right-click in the reply box and choose Paste
If you need help, have a look at these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3886
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
20/03/2010 14:56:11
mbam-log-2010-03-20 (14-56-11).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 139390
Temps écoulé: 26 minute(s), 4 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 7
Fichier(s) infecté(s): 57
Processus mémoire infecté(s):
C:\Documents and Settings\Ordinateur\Application Data\SystemProc\lsass.exe (Trojan.Tracur) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\dmdskmgr32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\dbmsrpcn32.dll (Trojan.Tracur) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f2cc374-9724-4a96-8bdc-2c6868726499} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f2cc374-9724-4a96-8bdc-2c6868726499} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\645036fe839 (Trojan.Tracur) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3f2cc374-9724-4a96-8bdc-2c6868726499} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07286.ietoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{65dcd8fe-a6f4-47b5-a5bd-13952364defc} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f55c26ae-bdb0-4cc3-ba4e-ba5a0806438e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f6bb6a9a-e77b-4d5b-82d0-15ffb881e963} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59382727-9048-6123-1523-597264847187} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{59382727-9048-6123-1523-597264847187} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c23d0d6a-8cba-4b33-9735-47d81f5b2b85} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c23d0d6a-8cba-4b33-9735-47d81f5b2b85} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c23d0d6a-8cba-4b33-9735-47d81f5b2b85} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07286.ietoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07286.tbsb07286 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07286.tbsb07286.3 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb07286 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.tbsb07286.1 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07286.TBSB07286Toolbar (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\TBSB07286 (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{59382727-9048-6123-1523-597264847187} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{59382727-9048-6123-1523-597264847187} (Trojan.BHO) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dmdskmgr32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dmdskmgr32.dll -> Delete on reboot.
Dossier(s) infecté(s):
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\ecobar (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\sysmon\nirnj74420 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ordinateur\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Ordinateur\Local Settings\Application Data\byolawtj_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ordinateur\Local Settings\Application Data\byolawtj_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ordinateur\Local Settings\Application Data\byolawtj.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ordinateur\Local Settings\Application Data\byolawtj.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbmsrpcn32.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\system32\dmdskmgr32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Documents and Settings\Ordinateur\Application Data\SystemProc\lsass.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\ecobar.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ordinateur\Local Settings\Temp\1.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ordinateur\Mes documents\LimeWire\Saved\play_mp3\play_mp3_setup.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\tbhelper.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\sysmon\nirnj74420\veghd87411.exe (Adware.EcoBar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{581922C5-1DD3-44E9-8B60-B432ADA6D6D3}\RP96\A0047615.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{581922C5-1DD3-44E9-8B60-B432ADA6D6D3}\RP97\A0047803.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{581922C5-1DD3-44E9-8B60-B432ADA6D6D3}\RP97\A0047806.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\DOCUME~1\ORDINA~1\APPLIC~1\SystemProc.UsbFix\lsass.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dplayx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\basis.xml (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\ecobar.crc (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\icons.bmp (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\info.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\uninstall.exe (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\version.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\your_logo.png (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\DOCUME~1\ORDINA~1\APPLIC~1\SystemProc.UsbFix\lsass.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dplayx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u1040870564v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1040870564v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1040870564v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1040870564v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\basis.xml (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\ecobar.crc (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\icons.bmp (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\info.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\uninstall.exe (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\version.txt (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\ecobar\your_logo.png (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
Your PC is infected with the Navipromo/Magic Control adware, which displays unwanted advertisements.
It gets installed through certain programs, listed here:
* Funky Emoticons
* Games Attack
* Go-astro
* GoRecord
* HotTVPlayer / HotTVPlayer & Paris Hilton
* Live Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* Sudoplanet
* SuperSexPlayer
* Official Emule (modified version of Emule)
* Webmediaplayer
* On the site hxxp://www.games-desktop.com (!Do not go there!)
Navilog 1 :
Download Navilog1 (by IL-MAFIOSO) and save it to the Desktop.
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Double-click Navilog1.exe.
Press F, then confirm with Enter.
Press a key on your keyboard each time you are asked to; you will reach the options menu.
Choose option 1 and press the Enter key to confirm your choice.
Wait while the scan runs. You may be asked to restart your PC.
Wait until the message: "Scan terminé le ....."
The report appears; post it in your next reply.
Note: the report can also be found here: C:\cleannavi.txt
========================================
Fix Navipromo version 4.0.8 commencé le 20/03/2010 15:21:51,45
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
Outil exécuté depuis C:\navilog1
Mise à jour le 09.03.2010 à 18h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1500MHz )
BIOS : v1.3C
USER : Ordinateur ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:28 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
Recherche executée en mode normal
NO, please read everything I write to you.
Note: the report can also be found here: C:\cleannavi.txt
I'm sorry, but when I go to C:\cleannavi.txt this is all I have:
Fix Navipromo version 4.0.8 commencé le 20/03/2010 15:44:39,54
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
Outil exécuté depuis C:\navilog1
Mise à jour le 09.03.2010 à 18h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1500MHz )
BIOS : v1.3C
USER : Ordinateur ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:28 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
Recherche executée en mode normal
OK, disable your antivirus and your firewall; do that before the scan.
Download rkill
Save it to your Desktop
https://download.bleepingcomputer.com/grinler/rkill.exe
Double-click the rkill icon (for Vista/Seven, right-click and Run as administrator)
A brief black screen will show you that the tool ran correctly; if it does not launch,
change the download link by using the following one from here:
https://download.bleepingcomputer.com/grinler/rkill.exe
Once it has finished,
redo the procedure above.