Win32 trojan-gen {other}... what a disaster!!

lutherjimmy
Hello,

My machine has been hanging around in some disreputable places and it caught "win32 trojan-gen {other}". After a string of unsuccessful attempts, and being a novice in the matter, perhaps someone could find a solution to the situation?

A thousand thanks in advance to those who do.

Lutherjimmy

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:48:36 27/08/2007

+ Résultat de l'analyse:

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138462.exe -> Not-A-Virus.NetTool.Win32.NukeNabber.21 : Aucune action entreprise.
:mozilla.26:C:\Documents and Settings\LasCom\Application Data\Mozilla\Firefox\Profiles\oas03gi2.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.73:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@2o7[2].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.100:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.99:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@adtech[2].txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.40:C:\Documents and Settings\LasCom\Application Data\Mozilla\Firefox\Profiles\oas03gi2.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.69:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.70:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.71:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.38:C:\Documents and Settings\LasCom\Application Data\Mozilla\Firefox\Profiles\oas03gi2.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@atdmt[1].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.33:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.94:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
:mozilla.35:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@as1.falkag[1].txt -> TrackingCookie.Falkag : Aucune action entreprise.
:mozilla.86:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.88:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.89:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.91:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.92:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.93:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@auto.search.msn[1].txt -> TrackingCookie.Msn : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.18:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.
:mozilla.26:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Skype : Aucune action entreprise.
:mozilla.28:C:\Documents and Settings\LasCom\Application Data\Mozilla\Firefox\Profiles\oas03gi2.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.38:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.39:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.58:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\LasCom\Cookies\lascom@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@m.webtrends[1].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
:mozilla.23:C:\Documents and Settings\Invité\Application Data\Mozilla\Firefox\Profiles\tnx0zob0.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\Documents and Settings\Invité\Cookies\invité@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\Program Files\MépHisTo Script v1.0\protect\NukeNabber\Report.exe -> Trojan.Nuker.nukenabber.a : Aucune action entreprise.

Fin du rapport

BitDefender Online Scanner

Scan report generated at: Mon, Aug 27, 2007 - 17:33:41

Scan path: A:\;C:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time : 01:37:56
Files : 561726
Folders : 9784
Boot Sectors : 7
Archives : 33474
Packed Files : 28268

Results
Identified Viruses : 7
Infected Files : 59
Suspect Files : 0
Warnings : 0
Disinfected : 0
Deleted Files : 54

Engines Info
Virus Definitions : 750101
Engine build : AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Scan plugins : 14
Archive plugins : 38
Unpack plugins : 6
E-mail plugins : 6
System plugins : 1

Scan Settings
First Action : Disinfect
Second Action : Delete
Heuristics : Yes
Enable Warnings : Yes
Scanned Extensions : *;
Exclude Extensions :
Scan Emails : Yes
Scan Archives : Yes
Scan Packed : Yes
Scan Files : Yes
Scan Boot : Yes

Scanned File : Status
C:\$CTJTMP\CTJ.EXE : Infected with: Win32.Bacalid.A
C:\$CTJTMP\CTJ.EXE : Disinfection failed
C:\$CTJTMP\CTJ.EXE : Deleted
C:\$CTJTMP\VB40032.DLL : Infected with: Win32.Bacalid.A
C:\$CTJTMP\VB40032.DLL : Disinfection failed
C:\$CTJTMP\VB40032.DLL : Deleted
C:\Adobe\Streamline 4.0\plugin.dll : Infected with: Win32.Bacalid.A
C:\Adobe\Streamline 4.0\plugin.dll : Disinfection failed
C:\Adobe\Streamline 4.0\plugin.dll : Deleted
C:\Adobe\Streamline 4.0\SLRes.dll : Infected with: Win32.Bacalid.A
C:\Adobe\Streamline 4.0\SLRes.dll : Disinfection failed
C:\Adobe\Streamline 4.0\SLRes.dll : Deleted
C:\ATI-CPanel\atiicdxx.dll : Infected with: Win32.Bacalid.A
C:\ATI-CPanel\atiicdxx.dll : Disinfection failed
C:\ATI-CPanel\atiicdxx.dll : Deleted
C:\ATI-CPanel\atiphexx.exe : Infected with: Win32.Bacalid.A
C:\ATI-CPanel\atiphexx.exe : Disinfection failed
C:\ATI-CPanel\atiphexx.exe : Deleted
C:\ATI-CPanel\atippaxx.dll : Infected with: Win32.Bacalid.A
C:\ATI-CPanel\atippaxx.dll : Disinfection failed
C:\ATI-CPanel\atippaxx.dll : Deleted
C:\ATI-CPanel\atiprbxx.exe : Infected with: Win32.Bacalid.A
C:\ATI-CPanel\atiprbxx.exe : Disinfection failed
C:\ATI-CPanel\atiprbxx.exe : Deleted
C:\AUT0EXEC.BAT : Infected with: Trojan.FakeFolder.A
C:\AUT0EXEC.BAT : Disinfection failed
C:\AUT0EXEC.BAT : Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Dreamweaver MX\Configuration\Flash Player\FlashPlayerW.dll : Infected with: Win32.Bacalid.A
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Dreamweaver MX\Configuration\Flash Player\FlashPlayerW.dll : Disinfection failed
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Dreamweaver MX\Configuration\Flash Player\FlashPlayerW.dll : Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\authplay.dll : Infected with: Win32.Bacalid.A
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\authplay.dll : Disinfection failed
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\authplay.dll : Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\AIImport.dll : Infected with: Win32.Bacalid.A
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\AIImport.dll : Disinfection failed
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\AIImport.dll : Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\FhDbRdr.dll : Infected with: Win32.Bacalid.A
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\FhDbRdr.dll : Disinfection failed
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\FhDbRdr.dll : Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\Fireworks Importer.dll : Infected with: Win32.Bacalid.A
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\Fireworks Importer.dll : Disinfection failed
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\Fireworks Importer.dll : Deleted
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin.dll : Infected with: Win32.Bacalid.A
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin.dll : Disinfection failed
C:\Documents and Settings\Frédéric\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin.dll : Deleted
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)=>reg_pass.zip : Infected with: Win32.Sober.Y@mm
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)=>reg_pass.zip : Disinfection failed
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)=>reg_pass.zip : Deleted
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part) : Updated
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12) : Updated
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx : Update failed
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip=>t_535475.exe : Infected with: Generic.Mitglied.F050E13C
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip=>t_535475.exe : Disinfection failed
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip=>t_535475.exe : Deleted
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip : Updated
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part) : Updated
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12) : Updated
C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx : Update failed
C:\Documents and Settings\Frédéric\Mes documents\DEUST 205\UE112\mircfr.zip=>mircfr/mirc.exe : Infected with: Trojan.Mirchack.A
C:\Documents and Settings\Frédéric\Mes documents\DEUST 205\UE112\mircfr.zip=>mircfr/mirc.exe : Disinfection failed
C:\Documents and Settings\Frédéric\Mes documents\DEUST 205\UE112\mircfr.zip=>mircfr/mirc.exe : Deleted
C:\Documents and Settings\Frédéric\Mes documents\DEUST 205\UE112\mircfr.zip : Updated
C:\Program Files\eMule\Temp\008.part=>Need.For.Speed.Carbono.(PC-Spanish).By.Delirium.Group\Keygen\Keygen.exe : Infected with: Trojan.Horse.BAU
C:\Program Files\eMule\Temp\008.part=>Need.For.Speed.Carbono.(PC-Spanish).By.Delirium.Group\Keygen\Keygen.exe : Disinfection failed
C:\Program Files\eMule\Temp\008.part=>Need.For.Speed.Carbono.(PC-Spanish).By.Delirium.Group\Keygen\Keygen.exe : Deleted
C:\Program Files\eMule\Temp\008.part : Update failed
C:\Program Files\Mindjet\MindManager 6\MindManager.exe : Infected with: Win32.Bacalid.A
C:\Program Files\Mindjet\MindManager 6\MindManager.exe : Disinfection failed
C:\Program Files\Mindjet\MindManager 6\MindManager.exe : Deleted
C:\Program Files\Movie Maker\wmmres.dll : Infected with: Win32.Bacalid.A
C:\Program Files\Movie Maker\wmmres.dll : Disinfection failed
C:\Program Files\Movie Maker\wmmres.dll : Deleted
C:\Program Files\QuickTime\QuickTimePlayer.exe : Infected with: Win32.Bacalid.A
C:\Program Files\QuickTime\QuickTimePlayer.exe : Disinfection failed
C:\Program Files\QuickTime\QuickTimePlayer.exe : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138452.com : Infected with: Trojan.FakeFolder.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138452.com : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138452.com : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138453.com : Infected with: Trojan.FakeFolder.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138453.com : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138453.com : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138454.BAT : Infected with: Trojan.FakeFolder.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138454.BAT : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138454.BAT : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138455.reg : Infected with: Trojan.FakeFolder.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138455.reg : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1118\A0138455.reg : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0138684.reg : Infected with: Trojan.FakeFolder.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0138684.reg : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0138684.reg : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139579.exe : Infected with: Trojan.Nuker.Nukenabber.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139579.exe : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139579.exe : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139580.EXE : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139580.EXE : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139580.EXE : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139581.DLL : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139581.DLL : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139581.DLL : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139582.dll : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139582.dll : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139582.dll : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139583.dll : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139583.dll : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139583.dll : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139584.dll : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139584.dll : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139584.dll : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139585.exe : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139585.exe : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139585.exe : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139586.dll : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139586.dll : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139586.dll : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139587.exe : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139587.exe : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139587.exe : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139588.dll : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139588.dll : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139588.dll : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139589.dll : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139589.dll : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139589.dll : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139590.dll : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139590.dll : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139590.dll : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139591.dll : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139591.dll : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139591.dll : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139592.dll : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139592.dll : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139592.dll : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139593.dll : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139593.dll : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139593.dll : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139594.exe : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139594.exe : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139594.exe : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139595.dll : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139595.dll : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139595.dll : Deleted
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139596.exe : Infected with: Win32.Bacalid.A
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139596.exe : Disinfection failed
C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1124\A0139596.exe : Deleted
C:\WINDOWS\system32\dllcache\Regedit32.com : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\dllcache\Regedit32.com : Disinfection failed
C:\WINDOWS\system32\dllcache\Regedit32.com : Deleted
C:\WINDOWS\system32\dllcache\Shell32.com : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\dllcache\Shell32.com : Disinfection failed
C:\WINDOWS\system32\dllcache\Shell32.com : Deleted
C:\WINDOWS\system32\dllchache\4A7.tmp : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\dllchache\4A7.tmp : Disinfection failed
C:\WINDOWS\system32\dllchache\4A7.tmp : Deleted
C:\WINDOWS\system32\dllchache\4A8.tmp : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\dllchache\4A8.tmp : Disinfection failed
C:\WINDOWS\system32\dllchache\4A8.tmp : Deleted
C:\WINDOWS\system32\dllchache\4A9.tmp : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\dllchache\4A9.tmp : Disinfection failed
C:\WINDOWS\system32\dllchache\4A9.tmp : Deleted
C:\WINDOWS\system32\dllchache\Blank.doc : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\dllchache\Blank.doc : Disinfection failed
C:\WINDOWS\system32\dllchache\Blank.doc : Delete failed
C:\WINDOWS\system32\dllchache\Empty.jpg : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\dllchache\Empty.jpg : Disinfection failed
C:\WINDOWS\system32\dllchache\Empty.jpg : Delete failed
C:\WINDOWS\system32\dllchache\Hole.zip : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\dllchache\Hole.zip : Disinfection failed
C:\WINDOWS\system32\dllchache\Hole.zip : Delete failed
C:\WINDOWS\system32\dllchache\Unoccupied.reg : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\dllchache\Unoccupied.reg : Disinfection failed
C:\WINDOWS\system32\dllchache\Unoccupied.reg : Deleted
C:\WINDOWS\system32\dllchache\Zero.txt : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\dllchache\Zero.txt : Disinfection failed
C:\WINDOWS\system32\dllchache\Zero.txt : Delete failed
C:\WINDOWS\system32\dllchache.exe : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\dllchache.exe : Disinfection failed
C:\WINDOWS\system32\dllchache.exe : Deleted
C:\WINDOWS\system32\M5VBVM60.EXE : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\M5VBVM60.EXE : Disinfection failed
C:\WINDOWS\system32\M5VBVM60.EXE : Deleted
C:\WINDOWS\system32\rund1132.exe : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32\rund1132.exe : Disinfection failed
C:\WINDOWS\system32\rund1132.exe : Delete failed
C:\WINDOWS\system32.exe : Infected with: Trojan.FakeFolder.A
C:\WINDOWS\system32.exe : Disinfection failed
C:\WINDOWS\system32.exe : Deleted

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:29, on 27/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllChache\Empty.jpg
C:\WINDOWS\system32\dllChache\Blank.doc
C:\WINDOWS\system32\dllChache\Zero.txt
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllChache\Hole.zip
C:\WINDOWS\system32\rund1132.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Frédéric\Bureau\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.free.fr/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:21
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, "C:\WINDOWS\system32\M5VBVM60.EXE StartUp"
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Secure32] C:\WINDOWS\system32\dllcache\Shell32.com StartUp
O4 - HKCU\..\Run: [Secure64] C:\WINDOWS\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: Interface Chat Voila - http://chat15.x-echo.com/version5/Applet/vchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/25a9a28e86bbff480414/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093947346843
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01BC69D8-9608-469E-89CD-C87A957EB72B}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CCS\Services\Tcpip\..\{75009A93-754D-441E-BCB0-989F3BCDCF99}: NameServer = 212.27.32.5,213.228.0.168
O17 - HKLM\System\CS1\Services\Tcpip\..\{01BC69D8-9608-469E-89CD-C87A957EB72B}: NameServer = 212.27.32.5,213.228.0.168
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

7 replies

Kevindu36 Posts 649 Status Member 6
 
Hi

Download GenProc by Jean-Chrétien 1 and Narco 4.
http://www.alt-shift-return.org/Info/GenProc-HowTo.html
Post the report.

See you later.
0
MOUN's
 
Hi,

I have the same problem as this young man, and I did exactly what you asked. Could you please help me? I'm attaching the different reports:

Clean Navipromo version 3.7.1 commencé le 06/01/2009 à 13:11:54,46

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : Version 5.00 R1.03.1826
USER : Mounia ( Administrator )
BOOT : Fail-safe boot




A:\ (USB)
C:\ (Local Disk) - NTFS - Total:186 Go (Free:89 Go)
D:\ (USB)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (USB)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage executé en mode sans échec


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Mounia\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Mounia\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Mounia\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Mounia\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Mounia\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *



* Dans "C:\Documents and Settings\Mounia\locals~1\applic~1" *



* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 06/01/2009 à 13:15:25,37 ***



SmitFraudFix v2.388

Rapport fait à 13:16:10,07, 06/01/2009
Executé à partir de C:\Documents and Settings\Mounia\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Program Files\Google\googletoolbar1.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{88013600-9E30-428C-A091-CFEA83B004FE}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{88013600-9E30-428C-A091-CFEA83B004FE}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{88013600-9E30-428C-A091-CFEA83B004FE}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{88013600-9E30-428C-A091-CFEA83B004FE}: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 89.2.0.2


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:32:54, on 06/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\Norman\NVC\BIN\ZLH.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Mounia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Mounia\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AdvancedAdvisor - {7141E838-7BE0-F63D-6939-29A2CC9FBB15} - C:\Program Files\AdvancedAdvisor\AdvancedAdvisor-2.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\NVC\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Mounia\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm266YYFR
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
0
lutherjimmy Posts 2 Status Member
 
Hello, and thanks for the reply. Here is the GenProc log:

[1] Aucune infection caractéristique trouvée !
0
Kevindu36 Posts 649 Status Member 6
 
re

The virus is in System Restore. Disable System Restore
https://forums.cnetfrance.fr
then re-enable it. You will have to create a new restore point, because all your restore points will be deleted.

Run a scan with BitDefender Online
https://www.bitdefender.com/toolbox/

Disable your antivirus during the scan.
Then post the generated report.

++ let me know how it goes
0
badger
 
Hello,
I also have the same problem with this Trojan, and I can't manage to get rid of it.
Thanks
0

lutherjimmy
 
Here is the latest BitDefender log:

BitDefender Online Scanner

Scan report generated at: Mon, Aug 27, 2007 - 20:36:05

Scan path: A:\;C:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics

Time
01:39:40

Files
552223

Folders
9447

Boot Sectors
7

Archives
33553

Packed Files
28158

Results

Identified Viruses
6

Infected Files
22

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
16

Engines Info

Virus Definitions
750151

Engine build
AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)

Scan plugins
14

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\ATI-CPanel\atipdsxx.dll
Infected with: Win32.Bacalid.A

C:\ATI-CPanel\atipdsxx.dll
Disinfection failed

C:\ATI-CPanel\atipdsxx.dll
Deleted

C:\ATI-CPanel\atipdxxx.dll
Infected with: Win32.Bacalid.A

C:\ATI-CPanel\atipdxxx.dll
Disinfection failed

C:\ATI-CPanel\atipdxxx.dll
Deleted

C:\ATI-CPanel\atiptaxx.exe
Infected with: Win32.Bacalid.A

C:\ATI-CPanel\atiptaxx.exe
Disinfection failed

C:\ATI-CPanel\atiptaxx.exe
Deleted

C:\ATI-CPanel\atipuixx.dll
Infected with: Win32.Bacalid.A

C:\ATI-CPanel\atipuixx.dll
Disinfection failed

C:\ATI-CPanel\atipuixx.dll
Deleted

C:\AUT0EXEC.BAT
Infected with: Trojan.FakeFolder.A

C:\AUT0EXEC.BAT
Disinfection failed

C:\AUT0EXEC.BAT
Deleted

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)=>reg_pass.zip
Infected with: Win32.Sober.Y@mm

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)=>reg_pass.zip
Disinfection failed

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)=>reg_pass.zip
Deleted

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)=>[Subject: Registration Confirmation][Date: Fri, 30 Dec 2005 09:23:48 GMT]=>(MIME part)
Updated

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx=>(message 12)
Updated

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\ILasCom (imap free) - Boîte de réception.dbx
Update failed

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip=>t_535475.exe
Infected with: Generic.Mitglied.F050E13C

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip=>t_535475.exe
Disinfection failed

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip=>t_535475.exe
Deleted

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)=>text_sms.zip
Updated

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)=>[Subject: ][Date: Tue, 01 Nov 2005 13:58:40 -0500]=>(MIME part)
Updated

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx=>(message 12)
Updated

C:\Documents and Settings\Frédéric\Local Settings\Application Data\Identities\{8EA1D11F-F3CE-4A52-98CB-D37194D7CC0B}\Microsoft\Outlook Express\Perso.dbx
Update failed

C:\Documents and Settings\Frédéric\Local Settings\Temp\VCab.DLL
Infected with: Trojan.Downloader.Small.DQQ

C:\Documents and Settings\Frédéric\Local Settings\Temp\VCab.DLL
Disinfection failed

C:\Documents and Settings\Frédéric\Local Settings\Temp\VCab.DLL
Delete failed

C:\Program Files\eMule\Temp\008.part=>Need.For.Speed.Carbono.(PC-Spanish).By.Delirium.Group\Keygen\Keygen.exe
Infected with: Trojan.Horse.BAU

C:\Program Files\eMule\Temp\008.part=>Need.For.Speed.Carbono.(PC-Spanish).By.Delirium.Group\Keygen\Keygen.exe
Disinfection failed

C:\Program Files\eMule\Temp\008.part=>Need.For.Speed.Carbono.(PC-Spanish).By.Delirium.Group\Keygen\Keygen.exe
Deleted

C:\Program Files\eMule\Temp\008.part
Update failed

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139604.dll
Infected with: Win32.Bacalid.A

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139604.dll
Disinfection failed

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139604.dll
Deleted

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139605.BAT
Infected with: Trojan.FakeFolder.A

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139605.BAT
Disinfection failed

C:\System Volume Information\_restore{B74278C7-C543-452D-9EE8-2B3B96AB033D}\RP1125\A0139605.BAT
Deleted

C:\WINDOWS\system32\dllcache\Regedit32.com
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllcache\Regedit32.com
Disinfection failed

C:\WINDOWS\system32\dllcache\Regedit32.com
Deleted

C:\WINDOWS\system32\dllcache\Shell32.com
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllcache\Shell32.com
Disinfection failed

C:\WINDOWS\system32\dllcache\Shell32.com
Deleted

C:\WINDOWS\system32\dllchache\Blank.doc
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache\Blank.doc
Disinfection failed

C:\WINDOWS\system32\dllchache\Blank.doc
Delete failed

C:\WINDOWS\system32\dllchache\Empty.jpg
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache\Empty.jpg
Disinfection failed

C:\WINDOWS\system32\dllchache\Empty.jpg
Delete failed

C:\WINDOWS\system32\dllchache\Hole.zip
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache\Hole.zip
Disinfection failed

C:\WINDOWS\system32\dllchache\Hole.zip
Delete failed

C:\WINDOWS\system32\dllchache\Unoccupied.reg
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache\Unoccupied.reg
Disinfection failed

C:\WINDOWS\system32\dllchache\Unoccupied.reg
Delete failed

C:\WINDOWS\system32\dllchache\Zero.txt
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache\Zero.txt
Disinfection failed

C:\WINDOWS\system32\dllchache\Zero.txt
Delete failed

C:\WINDOWS\system32\dllchache.exe
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\dllchache.exe
Disinfection failed

C:\WINDOWS\system32\dllchache.exe
Deleted

C:\WINDOWS\system32\M5VBVM60.EXE
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\M5VBVM60.EXE
Disinfection failed

C:\WINDOWS\system32\M5VBVM60.EXE
Deleted

C:\WINDOWS\system32\rund1132.exe
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32\rund1132.exe
Disinfection failed

C:\WINDOWS\system32\rund1132.exe
Deleted

C:\WINDOWS\system32.exe
Infected with: Trojan.FakeFolder.A

C:\WINDOWS\system32.exe
Disinfection failed

C:\WINDOWS\system32.exe
Deleted
lutherjimmy
Hello,

It has been a few hours now since my computer went back to behaving normally. It seems the win32 Trojan-gen that had completely paralysed it has gone. I will wait until this afternoon to see how things develop and will then mark the thread as resolved.

Thank you, thank you and thank you to Kevindu36.

Although I work in the IT world, I know nothing about viruses. Are there any books or reference links that could fill in my ignorance?

Lutherjimmy
lutherjimmy
Well, there you go, I think it has been wiped out! Good news.

Thanks again to Kevindu 36.