Virus trojan

Solved
Blqck.Angel Posts 24 Status Member -
Hello,
Like an idiot, I clicked on a link someone sent me on MSN. It was an .exe file. I know there is a Trojan horse on my PC that infected it, but I can't figure out what it is, and above all how to disinfect it. Please help me, I have tried all sorts of scans that detect nothing, or can't scan certain files. Thanks in advance

8 answers

gluo Posts 273 Status Member 105

Hello.
Try MSNFix.
Here is the procedure:
1) Download MSNFix: http://sosvirus.changelog.fr/
2) Follow the instructions on the site (run option R).
3) Paste the log here when it finishes (after restarting, if the program asked you to).

I'll tell you what to do next based on the log.
0
Blqck.Angel Posts 24 Status Member
 
MSNFix 1.673

C:\MSNFix\MSNFix
Fix exécuté le 01/03/2008 - 17:50:12.09 By Antoine
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\real.txt
... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
/!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
/!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 01032008_175638.90.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
gluo Posts 273 Status Member 105

There are still a few bits left:
"/!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe"

Download TrojanRemover and follow this tutorial: http://www.malekal.com/tutorial_TrojanRemover.php
Restart if it asks you to.

Then run another MSNFix scan and post a new log.
0
Blqck.Angel Posts 24 Status Member

Here is the Trojan Remover log:

***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
01/03/2008 20:44:01: Trojan Remover has been restarted
C:\WINDOWS\system32\drivers\oreans32.sys has been deleted (if it existed)
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\[System] - deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Flash Media] - deleted
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\[ImagePath] - already deleted
=======================================================
Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
The Cleanup Utility was used to remove locked registry keys.
Unable to rename C:\WINDOWS\system32\drivers\oreans32.sys to C:\WINDOWS\system32\drivers\oreans32.sys.vir
(C:\WINDOWS\system32\drivers\oreans32.sys does not appear to exist)
01/03/2008 20:44:02: Trojan Remover closed
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.8.2518. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 01/03/2008 20:39:51
Using Database v6944
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Antoine\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Antoine\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

**************************************************
The following Anti-Malware program(s) are loaded:
[AV Warnings are suppressed]
Nortons Anti-Virus

**************************************************

**************************************************
20:39:51: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
20:39:51: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
20:39:51: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
20:39:52: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 05/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
File: C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
64156 bytes
Created: 28/02/2008
Modified: 28/02/2008
Company:
C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe appears to be in-use/locked
C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe - this entry will be removed (no action requested on file)
----------
This key's "System" value calls the following program:
File: kdici.exe
C:\WINDOWS\system32\kdici.exe
?? bytes
Modified: 13/06/2007
Company:
File appears to be hidden using rootkit techniques
kdici.exe - this registry value has been removed [no action requested on file]
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
77824 bytes
Created: 01/01/2005
Modified: 22/12/2004
Company: Realtek Semiconductor Corp.
--------------------
Value Name: NVRaidService
Value Data: C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\nvraidservice.exe
-R- 84480 bytes
Created: 01/01/2005
Modified: 17/01/2005
Company: NVIDIA Corporation
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
8523776 bytes
Created: 16/06/2005
Modified: 05/12/2007
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1626112 bytes
Created: 16/06/2005
Modified: 05/12/2007
Company:
--------------------
Value Name: SNPSTD2
Value Data: C:\WINDOWS\vsnpstd2.exe
C:\WINDOWS\vsnpstd2.exe
286720 bytes
Created: 01/01/2005
Modified: 30/08/2004
Company:
--------------------
Value Name: WinVNC
Value Data: "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
C:\Program Files\UltraVNC\WinVNC.exe
364544 bytes
Created: 08/05/2007
Modified: 17/07/2006
Company: www.ultravnc.fr
--------------------
Value Name: ccApp
Value Data: "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
48752 bytes
Created: 12/07/2005
Modified: 12/07/2005
Company: Symantec Corporation
--------------------
Value Name: vptray
Value Data: C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
85600 bytes
Created: 18/08/2005
Modified: 18/08/2005
Company: Symantec Corporation
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
132496 bytes
Created: 19/10/2007
Modified: 25/09/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: PCSuiteTrayApplication
Value Data: C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
229376 bytes
Created: 15/06/2006
Modified: 15/06/2006
Company: Nokia
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
81920 bytes
Created: 16/06/2005
Modified: 05/12/2007
Company: NVIDIA Corporation
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
385024 bytes
Created: 31/01/2008
Modified: 31/01/2008
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
267048 bytes
Created: 19/02/2008
Modified: 19/02/2008
Company: Apple Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 11/01/2008
Modified: 11/01/2008
Company: Adobe Systems Incorporated
--------------------
Value Name: Flash Media
Value Data: C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
64156 bytes
Created: 28/02/2008
Modified: 28/02/2008
Company:
C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe appears to be in-use/locked
C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe - this registry value has been removed [no action requested on file]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
866384 bytes
Created: 01/03/2008
Modified: 29/02/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

**************************************************
20:40:30: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

**************************************************
20:40:30: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
20:40:30: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\ssmarque.scr
C:\WINDOWS\system32\ssmarque.scr
20992 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------

**************************************************
20:40:30: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

**************************************************
20:40:30: Scanning ----- SERVICEDLL REGISTRY KEYS -----

**************************************************
20:40:32: Scanning ----- SERVICES REGISTRY KEYS -----
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
110592 bytes
Created: 31/10/2007
Modified: 31/10/2007
Company: Apple, Inc.
----------
Key: ccEvtMgr
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
185968 bytes
Created: 12/07/2005
Modified: 12/07/2005
Company: Symantec Corporation
----------
Key: ccPwdSvc
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe"
C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
83568 bytes
Created: 12/07/2005
Modified: 12/07/2005
Company: Symantec Corporation
----------
Key: ccSetMgr
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
161392 bytes
Created: 12/07/2005
Modified: 12/07/2005
Company: Symantec Corporation
----------
Key: DefWatch
ImagePath: "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
C:\Program Files\Symantec AntiVirus\DefWatch.exe
19552 bytes
Created: 18/08/2005
Modified: 18/08/2005
Company: Symantec Corporation
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
385072 bytes
Created: 28/05/2007
Modified: 13/02/2008
Company: Symantec Corporation
----------
Key: EraserUtilDrv10741
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys
109616 bytes
Created: 01/03/2008
Modified: 13/02/2008
Company: Symantec Corporation
----------
Key: GEARAspiWDM
ImagePath: System32\Drivers\GEARAspiWDM.sys
C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
15664 bytes
Created: 19/09/2006
Modified: 19/09/2006
Company: GEAR Software Inc.
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 03/04/2005
Modified: 03/04/2005
Company: Macrovision Corporation
----------
Key: iPod Service
ImagePath: "C:\Program Files\iPod\bin\iPodService.exe"
C:\Program Files\iPod\bin\iPodService.exe
504104 bytes
Created: 19/02/2008
Modified: 19/02/2008
Company: Apple Inc.
----------
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\WINDOWS\system32\DRIVERS\irsir.sys
18688 bytes
Created: 01/01/2005
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: NAVENG
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080301.003\naveng.sys
C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080301.003\naveng.sys
82256 bytes
Created: 01/03/2008
Modified: 20/02/2008
Company: Symantec Corporation
----------
Key: NAVEX15
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080301.003\navex15.sys
C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080301.003\navex15.sys
895376 bytes
Created: 01/03/2008
Modified: 20/02/2008
Company: Symantec Corporation
----------
Key: Nokia USB Generic
ImagePath: system32\drivers\nmwcdc.sys
C:\WINDOWS\system32\drivers\nmwcdc.sys
8704 bytes
Created: 03/10/2007
Modified: 29/05/2006
Company: Nokia
----------
Key: Nokia USB Modem
ImagePath: system32\drivers\nmwcdcm.sys
C:\WINDOWS\system32\drivers\nmwcdcm.sys
13312 bytes
Created: 03/10/2007
Modified: 29/05/2006
Company: Nokia
----------
Key: Nokia USB Phone Parent
ImagePath: system32\drivers\nmwcd.sys
C:\WINDOWS\system32\drivers\nmwcd.sys
127488 bytes
Created: 03/10/2007
Modified: 29/05/2006
Company: Nokia
----------
Key: nvatabus
ImagePath: system32\DRIVERS\nvatabus.sys
C:\WINDOWS\system32\DRIVERS\nvatabus.sys
-R- 92800 bytes
Created: 01/01/2005
Modified: 17/05/2005
Company: NVIDIA Corporation
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
-R- 33536 bytes
Created: 01/01/2005
Modified: 05/04/2005
Company: NVIDIA Corporation
----------
Key: nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
-R- 12928 bytes
Created: 01/01/2005
Modified: 05/04/2005
Company: NVIDIA Corporation
----------
Key: nvraid
ImagePath: system32\DRIVERS\nvraid.sys
C:\WINDOWS\system32\DRIVERS\nvraid.sys
-R- 76288 bytes
Created: 01/01/2005
Modified: 17/05/2005
Company: NVIDIA Corporation
----------
Key: oreans32
ImagePath: \??\C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\drivers\oreans32.sys - this registry value has been removed [file not found to scan]
C:\WINDOWS\system32\drivers\oreans32.sys - unable to take ownership/change permissions
C:\WINDOWS\system32\drivers\oreans32.sys - file could not be neutralised
[kill file error: C:\WINDOWS\system32\drivers\oreans32.sys, Le fichier spécifié est introuvable.
]
C:\WINDOWS\system32\drivers\oreans32.sys - marked for renaming when the PC is restarted (if it exists)
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
21248 bytes
Created: 01/01/2005
Modified: 19/09/2003
Company: Padus, Inc.
----------
Key: PxHelp20
ImagePath: System32\Drivers\PxHelp20.sys
C:\WINDOWS\System32\Drivers\PxHelp20.sys
36624 bytes
Created: 26/05/2007
Modified: 23/04/2007
Company: Sonic Solutions
----------
Key: rtl8029
ImagePath: system32\DRIVERS\RTL8029.SYS
C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
19017 bytes
Created: 01/01/2005
Modified: 17/08/2001
Company: Realtek Semiconductor Corporation
----------
Key: SavRoam
ImagePath: "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
C:\Program Files\Symantec AntiVirus\SavRoam.exe
127584 bytes
Created: 18/08/2005
Modified: 18/08/2005
Company: symantec
----------
Key: SAVRT
ImagePath: \??\C:\Program Files\Symantec AntiVirus\savrt.sys
C:\Program Files\Symantec AntiVirus\savrt.sys
324232 bytes
Created: 04/02/2005
Modified: 04/02/2005
Company: Symantec Corporation
----------
Key: SAVRTPEL
ImagePath: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
C:\Program Files\Symantec AntiVirus\Savrtpel.sys
53896 bytes
Created: 04/02/2005
Modified: 04/02/2005
Company: Symantec Corporation
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
20480 bytes
Created: 05/08/2004
Modified: 13/11/2007
Company: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe"
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
174080 bytes
Created: 05/06/2006
Modified: 05/06/2006
Company: Nokia.
----------
Key: SNDSrvc
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
206552 bytes
Created: 22/04/2005
Modified: 22/04/2005
Company: Symantec Corporation
----------
Key: snpstd2
ImagePath: system32\DRIVERS\snpstd2.sys
C:\WINDOWS\system32\DRIVERS\snpstd2.sys
347264 bytes
Created: 01/01/2005
Modified: 14/10/2004
Company:
----------
Key: SPBBCDrv
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
372832 bytes
Created: 30/03/2005
Modified: 30/03/2005
Company: Symantec Corporation
----------
Key: SPBBCSvc
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
992864 bytes
Created: 30/03/2005
Modified: 30/03/2005
Company: Symantec Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: STIrUsb
ImagePath: system32\DRIVERS\irstusb.sys
C:\WINDOWS\system32\DRIVERS\irstusb.sys
31048 bytes
Created: 20/05/2007
Modified: 12/12/2003
Company: SigmaTel, Inc.
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{342D3984-E21F-43A3-981C-44220C75A121}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Symantec AntiVirus
ImagePath: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
1736800 bytes
Created: 18/08/2005
Modified: 18/08/2005
Company: Symantec Corporation
----------
Key: SymEvent
ImagePath: \??\C:\Program Files\Symantec\SYMEVENT.SYS
C:\Program Files\Symantec\SYMEVENT.SYS
123488 bytes
Created: 08/05/2007
Modified: 13/05/2005
Company: Symantec Corporation
----------
Key: SYMREDRV
ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
17976 bytes
Created: 22/04/2005
Modified: 22/04/2005
Company: Symantec Corporation
----------
Key: SYMTDI
ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
C:\WINDOWS\System32\Drivers\SYMTDI.SYS
267192 bytes
Created: 22/04/2005
Modified: 22/04/2005
Company: Symantec Corporation
----------
Key: USBAAPL
ImagePath: System32\Drivers\usbaapl.sys
C:\WINDOWS\System32\Drivers\usbaapl.sys
30464 bytes
Created: 25/12/2007
Modified: 31/10/2007
Company: Apple, Inc.
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: vnccom
ImagePath: System32\Drivers\vnccom.SYS
C:\WINDOWS\System32\Drivers\vnccom.SYS
6016 bytes
Created: 08/05/2007
Modified: 26/06/2004
Company: RDV Soft
----------
Key: vncdrv
ImagePath: system32\DRIVERS\vncdrv.sys
C:\WINDOWS\system32\DRIVERS\vncdrv.sys
4736 bytes
Created: 08/05/2007
Modified: 26/06/2004
Company: RDV Soft
----------
Key: winvnc
ImagePath: "C:\Program Files\UltraVNC\WinVNC.exe" -service
C:\Program Files\UltraVNC\WinVNC.exe
364544 bytes
Created: 08/05/2007
Modified: 17/07/2006
Company: www.ultravnc.fr
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 28/01/2005
Modified: 18/10/2006
Company: Microsoft Corporation
----------

**************************************************
20:40:52: Scanning -----VXD ENTRIES-----

**************************************************
20:40:52: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: NavLogon
DLL: C:\WINDOWS\system32\NavLogon.dll
C:\WINDOWS\system32\NavLogon.dll
43616 bytes
Created: 18/08/2005
Modified: 18/08/2005
Company: Symantec Corporation
----------

**************************************************
20:40:52: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Fichiers hors connexion
CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}
Path: %SystemRoot%\System32\cscui.dll
C:\WINDOWS\System32\cscui.dll
337920 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: LDVPMenu
CLSID: {BDA77241-42F6-11d0-85E2-00AA001FE28C}
Path: C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
45664 bytes
Created: 18/08/2005
Modified: 18/08/2005
Company: Symantec Corporation
----------
Key: Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 05/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 05/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\TROJAN~1\Trshlex.dll
C:\PROGRA~1\TROJAN~1\Trshlex.dll
467552 bytes
Created: 01/03/2008
Modified: 05/02/2007
Company: Simply Super Software
----------
Key: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 05/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------

**************************************************
20:40:53: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 05/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F01-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 05/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F02-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 05/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {66742402-F9B9-11D1-A202-0000F81FEDEE}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 05/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007
Modified: 10/05/2007
Company: Adobe Systems, Inc.
----------

**************************************************
20:40:53: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006
Modified: 22/10/2006
Company: Adobe Systems Incorporated
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
501136 bytes
Created: 19/10/2007
Modified: 25/09/2007
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {E9601C0B-FA98-4E6D-A015-AE5B43F47962}
BHO: C:\WINDOWS\msvidc32.dll
C:\WINDOWS\msvidc32.dll
225792 bytes
Created: 28/02/2008
Modified: 28/02/2008
Company: Adobe
----------

**************************************************
20:40:53: Scanning ----- SHELLSERVICEOBJECTS -----
Key: PostBootReminder
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 05/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: CDBurn
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 05/08/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
233472 bytes
Created: 05/08/2004
Modified: 07/12/2007
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: C:\WINDOWS\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------

**************************************************
20:40:53: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment: Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1024000 bytes
Created: 05/08/2004
Modified: 11/10/2007
Company: Microsoft Corporation
----------
Value: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment: Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll
C:\WINDOWS\system32\browseui.dll
1024000 bytes
Created: 05/08/2004
Modified: 11/10/2007
Company: Microsoft Corporation
----------

**************************************************
20:40:53: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
20:40:53: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

**************************************************
20:40:53: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dll
C:\WINDOWS\system32\msapsspc.dll
86016 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
DLL: schannel.dll
C:\WINDOWS\system32\schannel.dll
144896 bytes
Created: 05/08/2004
Modified: 25/04/2007
Company: Microsoft Corporation
----------
DLL: digest.dll
C:\WINDOWS\system32\digest.dll
68608 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
DLL: msnsspc.dll
C:\WINDOWS\system32\msnsspc.dll
290816 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------

**************************************************
20:40:53: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check

**************************************************
20:40:53: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 01/01/2005
Modified: 01/01/2005
Company:
--------------------
C:\Program Files\Microsoft Office\Office\OSA9.EXE
65588 bytes
Created: 17/02/1999
Modified: 17/02/1999
Company: Microsoft Corporation
Microsoft Office.lnk - links to C:\Program Files\Microsoft Office\Office\OSA9.EXE
--------------------

**************************************************
No User Startup Groups were located to check

**************************************************
20:40:54: Scanning ----- SCHEDULED TASKS -----
Taskname: AD06E68391716283.job
File: c:\docume~1\antoine\applic~1\showbu~1\setup noun remote.exe
Parameters: [blank]
Next Run Time: 01/03/2008 21:00:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Antoine
Comments: [blank]
c:\docume~1\antoine\applic~1\showbu~1\setup noun remote.exe [file not found to scan]
----------
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
558424 bytes
Created: 29/08/2007
Modified: 29/08/2007
Company: Apple Inc.
Parameters: -task
Next Run Time: 08/03/2008 16:29:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------

**************************************************
20:40:54: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Antoine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Antoine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
3686454 bytes
Created: 24/06/2007
Modified: 24/02/2008
Company:
----------
Additional file checks completed
---------

**************************************************
20:40:54: Scanning ----- RUNNING PROCESSES -----
[Only loaded modules not scanned already
during this scan will be scanned here]

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[21 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[74 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[26 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[58 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[51 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[38 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[157 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[29 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[29 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[46 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
[38 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[49 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[19 loaded modules in total]
--------------------
C:\Program Files\Symantec AntiVirus\DefWatch.exe
[10 loaded modules in total]
--------------------
C:\WINDOWS\system32\nvsvc32.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[40 loaded modules in total]
--------------------
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[100 loaded modules in total]
--------------------
C:\Program Files\UltraVNC\WinVNC.exe
[30 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[31 loaded modules in total]
--------------------
C:\WINDOWS\SOUNDMAN.EXE
[37 loaded modules in total]
--------------------
C:\WINDOWS\system32\nvraidservice.exe
[44 loaded modules in total]
--------------------
C:\WINDOWS\vsnpstd2.exe
[33 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
[62 loaded modules in total]
--------------------
C:\PROGRA~1\SYMANT~1\VPTray.exe
[53 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\wmiprvse.exe
[40 loaded modules in total]
--------------------
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[22 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
[49 loaded modules in total]
--------------------
C:\Program Files\iTunes\iTunesHelper.exe
[58 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\unsecapp.exe
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe
[35 loaded modules in total]
--------------------
C:\Program Files\iPod\bin\iPodService.exe
[27 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[143 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe
[16 loaded modules in total]
--------------------
C:\WINDOWS\explorer.exe
[92 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[33 loaded modules in total]
--------------------
D:\Valve\Steam.exe
[87 loaded modules in total]
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
[89 loaded modules in total]
--------------------
C:\WINDOWS\system32\wuauclt.exe
[40 loaded modules in total]
--------------------
C:\Documents and Settings\Antoine\Application Data\Simply Super Software\Trojan Remover\lfwA1.exe
FileSize: 2515520
[This is a Trojan Remover component]
[30 loaded modules in total]
--------------------

**************************************************
20:41:25: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

**************************************************
20:41:25: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

**************************************************
20:41:25: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.01net.com/telecharger/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.01net.com/telecharger/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.01net.com/telecharger/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.01net.com/telecharger/

**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 01/03/2008 20:41:25
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
01/03/2008 20:41:37: restart commenced
************************************************************

And the MSNFix one:

MSNFix 1.673

C:\MSNFix\MSNFix
Fix exécuté le 01/03/2008 - 20:51:11.84 By Antoine
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé

************************ Suppression des fichiers

/!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
/!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 01032008_205713.54.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
gluo Posts: 273 Status: Member 105
 
Well, it's still hanging on...
It may not be alone, so run HijackThis:
Download HijackThis to the desktop: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
= right-click it ==> rename ==> type: "test" (in place of "hijackthis")
= Double-click it
= Click Do a system scan and save the log
-- Notepad opens:
copy and paste the contents of the report.

We'll go through all of that.
0
Blqck.Angel Posts: 24 Status: Member
 
Here it is!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:24, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Valve\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MS Video Control 1.0 - {E9601C0B-FA98-4E6D-A015-AE5B43F47962} - C:\WINDOWS\msvidc32.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://ww11.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4FB4D9-A5AB-4460-8AC0-6302C8649E8C}: NameServer = 85.255.115.44,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BCEEF47-B798-4328-A8B3-F74AC91A52C5}: NameServer = 85.255.115.44,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B7A862-1315-4CFC-AADC-DC662FE53307}: NameServer = 85.255.115.44,85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
0

Blqck.Angel Posts: 24 Status: Member
 
Also, I don't know if this helps, but my PC often shows me this error message:

Your computer was infected by unknown trojan.
It's dangerous for your system (critical files can be lost)!

Click OK to download anti spyware program to clean your system! (recommented)

Thanks again for helping me and suggesting solutions!!
0
Blqck.Angel Posts: 24 Status: Member
 
I did it again (the procedure ==> HijackThis) and I get this!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:13, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Valve\Steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Test.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MS Video Control 1.0 - {E9601C0B-FA98-4E6D-A015-AE5B43F47962} - C:\WINDOWS\msvidc32.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://ww11.commandondemand.com/eval/cod/cabs/cssweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4FB4D9-A5AB-4460-8AC0-6302C8649E8C}: NameServer = 85.255.115.44,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BCEEF47-B798-4328-A8B3-F74AC91A52C5}: NameServer = 85.255.115.44,85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{78B7A862-1315-4CFC-AADC-DC662FE53307}: NameServer = 85.255.115.44,85.255.112.187
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
0
gluo Messages postés 273 Statut Membre 105
 
Pour les messages "Telecharger un antispyware", ne le fait surtout pas ! c'est sans doute un virus qui veut que tu telecharge ses mises à jour...

A la vue du log cela confirme mes soupcons, msnfix ne nous a montré que la partie immergée de l'iceberg, sur lequel ton ordinateur s'est échoué...

Let's start with the spyware:
Download Fixwareout: http://downloads.subratam.org/Fixwareout.exe
->Install
->A DOS window opens; press a key
->A message in English (asking to restart the PC) ==> click OK (or Yes)
Note: the restart takes quite a while (you have to click OK several times)
Copy and paste the report into your reply (C:\fixwareout\report.txt)
= delete Fixwareout from the desktop
And in C:\ ==> Fixwareout and dnsback
====================
Download Smitfraudfix to the desktop: http://siri.urz.free.fr/Fix/SmitfraudFix.zip
->Double-click SmitfraudFix.zip
->Extract all
->Double-click SmitfraudFix
->Double-click SmitfraudFix.cmd (gear icon)
->Choose Option 1
->Save the report
---------
Restart in Safe Mode (startup may take several minutes)
!! Warning: no Internet access in this mode. Save or print the instructions !!
To restart in Safe Mode:
Restart the PC and tap the F8 key (or F5 for some) until the text with the boot options appears
Using the arrow keys, select Safe Mode, press Enter, then your usual user name
---
Run Smitfraudfix again
->Choose Option 2
->Save the report
->Copy/paste the reports into your reply
================
then make a new HijackThis report

Do all of that and paste all the reports.
0
Blqck.Angel Posts 24 Status Member
 
To tell the truth, I have a problem with the Internet!! My PC shows that I have Internet, and I really do, but for anything like Firefox, mail, MSN, I can't connect!! So I've decided to format my PC, hoping the virus(es) will be destroyed too!!

PS: I'm writing from a PC other than my own!!
0
gluo Posts 273 Status Member 105
 
As you wish.
If you format, that's for sure, there will be nothing left, really nothing at all ^^.

Still, back up your files before formatting...

See you.
0
Blqck.Angel Posts 24 Status Member
 
Don't worry about that :p !! I have an external hard drive, and I put all my files on it (the ones I cared about).
0