Virus trojan

Résolu
Blqck.Angel Messages postés 24 Statut Membre -  
Blqck.Angel Messages postés 24 Statut Membre -
Bonjour,
Comme un con, sur msn on m'a envoyé un lien et j'ai cliker dessus. C'était un fichier .exe, je sais qu'il y a unTrojan Horse sur mon pc qui là infecter, mais je n'arrive pas asavoir ce que c'est,et surtout comment le désinfeceter. Svp aider moi, j'ai essayétoute sorte de scan qui ne détecte rien, ou n'arrive pas a scanner certains ficher. Merci d'avance
Configuration: Windows XP
Internet Explorer 7.0

8 réponses

  1. gluo Messages postés 273 Statut Membre 105
     
    Bonjour.
    Tente un MSNfix.
    Voici la procédure :
    1)Telecharge msnfix: http://sosvirus.changelog.fr/
    2) suis les instructions du site (exécute l'option R).
    3) Colle le log ici à la fin (après avoir redémarré si le programme te l'a demandé).

    Je te dirai quoi faire ensuite en fonction du log.
    0
  2. Blqck.Angel Messages postés 24 Statut Membre
     
    MSNFix 1.673

    C:\MSNFix\MSNFix
    Fix exécuté le 01/03/2008 - 17:50:12.09 By Antoine
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\WINDOWS\system32\real.txt
    ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé

    ************************ Suppression des fichiers

    .. OK ... C:\WINDOWS\system32\real.txt
    /!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    /!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

    ************************ Nettoyage du registre

    Les fichiers encore présents seront supprimés au prochain redémarrage

    ************************ Suppression des fichiers

    .. OK ... C:\WINDOWS\system32\real.txt
    /!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    /!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

    ************************ Fichiers suspects

    Aucun Fichier trouvé

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 01032008_175638.90.zip

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------
    0
    1. gluo Messages postés 273 Statut Membre 105
       
      Il en reste des petits bouts:
      "/!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe"

      Telecharges TrojanRemover et suis ce tutoriel : http://www.malekal.com/tutorial_TrojanRemover.php
      Redémarre si il te le demande.

      Refait ensuite un scan msnfix, et reposte un log.
      0
  3. Blqck.Angel Messages postés 24 Statut Membre
     
    Voici le log de Trojan Remover :

    ***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
    01/03/2008 20:44:01: Trojan Remover has been restarted
    C:\WINDOWS\system32\drivers\oreans32.sys has been deleted (if it existed)
    =======================================================
    Deleting the following registry value(s):
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\[System] - deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Flash Media] - deleted
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\[ImagePath] - already deleted
    =======================================================
    Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
    The Cleanup Utility was used to remove locked registry keys.
    Unable to rename C:\WINDOWS\system32\drivers\oreans32.sys to C:\WINDOWS\system32\drivers\oreans32.sys.vir
    (C:\WINDOWS\system32\drivers\oreans32.sys does not appear to exist)
    01/03/2008 20:44:02: Trojan Remover closed
    ************************************************************

    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.6.8.2518. For information, email support@simplysup.com
    [Unregistered version]
    Scan started at: 01/03/2008 20:39:51
    Using Database v6944
    Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
    File System: NTFS
    Data directory: C:\Documents and Settings\Antoine\Application Data\Simply Super Software\Trojan Remover\
    Logfile directory: C:\Documents and Settings\Antoine\Mes documents\Simply Super Software\Trojan Remover Logfiles\
    Program directory: C:\Program Files\Trojan Remover\
    Running with Administrator privileges

    **************************************************
    The following Anti-Malware program(s) are loaded:
    [AV Warnings are suppressed]
    Nortons Anti-Virus

    **************************************************

    **************************************************
    20:39:51: Scanning ----------WIN.INI-----------
    WIN.INI found in C:\WINDOWS

    **************************************************
    20:39:51: Scanning --------SYSTEM.INI---------
    SYSTEM.INI found in C:\WINDOWS

    **************************************************
    20:39:51: ----- SCANNING FOR ROOTKIT SERVICES -----
    No hidden Services were detected.

    **************************************************
    20:39:52: Scanning -----WINDOWS REGISTRY-----
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    This key's "Shell" value calls the following program(s):
    File: Explorer.exe
    C:\WINDOWS\Explorer.exe
    1037312 bytes
    Created: 05/08/2004
    Modified: 13/06/2007
    Company: Microsoft Corporation
    ----------
    This key's "Userinit" value calls the following program(s):
    File: C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\userinit.exe
    25088 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    File: C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    64156 bytes
    Created: 28/02/2008
    Modified: 28/02/2008
    Company:
    C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe appears to be in-use/locked
    C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe - this entry will be removed (no action requested on file)
    ----------
    This key's "System" value calls the following program:
    File: kdici.exe
    C:\WINDOWS\system32\kdici.exe
    ?? bytes
    Modified: 13/06/2007
    Company:
    File appears to be hidden using rootkit techniques
    kdici.exe - this registry value has been removed [no action requested on file]
    ----------
    This key's "UIHost" value calls the following program:
    File: logonui.exe
    C:\WINDOWS\system32\logonui.exe
    515584 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value Name: SoundMan
    Value Data: SOUNDMAN.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    77824 bytes
    Created: 01/01/2005
    Modified: 22/12/2004
    Company: Realtek Semiconductor Corp.
    --------------------
    Value Name: NVRaidService
    Value Data: C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\system32\nvraidservice.exe
    -R- 84480 bytes
    Created: 01/01/2005
    Modified: 17/01/2005
    Company: NVIDIA Corporation
    --------------------
    Value Name: NvCplDaemon
    Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    C:\WINDOWS\system32\NvCpl.dll
    8523776 bytes
    Created: 16/06/2005
    Modified: 05/12/2007
    Company: NVIDIA Corporation
    --------------------
    Value Name: nwiz
    Value Data: nwiz.exe /install
    C:\WINDOWS\system32\nwiz.exe
    1626112 bytes
    Created: 16/06/2005
    Modified: 05/12/2007
    Company:
    --------------------
    Value Name: SNPSTD2
    Value Data: C:\WINDOWS\vsnpstd2.exe
    C:\WINDOWS\vsnpstd2.exe
    286720 bytes
    Created: 01/01/2005
    Modified: 30/08/2004
    Company:
    --------------------
    Value Name: WinVNC
    Value Data: "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    C:\Program Files\UltraVNC\WinVNC.exe
    364544 bytes
    Created: 08/05/2007
    Modified: 17/07/2006
    Company: www.ultravnc.fr
    --------------------
    Value Name: ccApp
    Value Data: "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    48752 bytes
    Created: 12/07/2005
    Modified: 12/07/2005
    Company: Symantec Corporation
    --------------------
    Value Name: vptray
    Value Data: C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    85600 bytes
    Created: 18/08/2005
    Modified: 18/08/2005
    Company: Symantec Corporation
    --------------------
    Value Name: SunJavaUpdateSched
    Value Data: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    132496 bytes
    Created: 19/10/2007
    Modified: 25/09/2007
    Company: Sun Microsystems, Inc.
    --------------------
    Value Name: PCSuiteTrayApplication
    Value Data: C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    229376 bytes
    Created: 15/06/2006
    Modified: 15/06/2006
    Company: Nokia
    --------------------
    Value Name: NvMediaCenter
    Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    C:\WINDOWS\system32\NvMcTray.dll
    81920 bytes
    Created: 16/06/2005
    Modified: 05/12/2007
    Company: NVIDIA Corporation
    --------------------
    Value Name: QuickTime Task
    Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    C:\Program Files\QuickTime\QTTask.exe
    385024 bytes
    Created: 31/01/2008
    Modified: 31/01/2008
    Company: Apple Inc.
    --------------------
    Value Name: iTunesHelper
    Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
    C:\Program Files\iTunes\iTunesHelper.exe
    267048 bytes
    Created: 19/02/2008
    Modified: 19/02/2008
    Company: Apple Inc.
    --------------------
    Value Name: Adobe Reader Speed Launcher
    Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    39792 bytes
    Created: 11/01/2008
    Modified: 11/01/2008
    Company: Adobe Systems Incorporated
    --------------------
    Value Name: Flash Media
    Value Data: C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    64156 bytes
    Created: 28/02/2008
    Modified: 28/02/2008
    Company:
    C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe appears to be in-use/locked
    C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe - this registry value has been removed [no action requested on file]
    --------------------
    Value Name: TrojanScanner
    Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
    C:\Program Files\Trojan Remover\Trjscan.exe
    866384 bytes
    Created: 01/03/2008
    Modified: 29/02/2008
    Company: Simply Super Software
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value Name: CTFMON.EXE
    Value Data: C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    15360 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    This Registry Key appears to be empty

    **************************************************
    20:40:30: Scanning -----SHELLEXECUTEHOOKS-----
    ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
    File: shell32.dll - this file is expected and has been left in place
    ----------

    **************************************************
    20:40:30: Scanning -----HIDDEN REGISTRY ENTRIES-----
    Taskdir check completed
    ----------
    No Hidden File-loading Registry Entries found
    ----------

    **************************************************
    20:40:30: Scanning -----ACTIVE SCREENSAVER-----
    ScreenSaver: C:\WINDOWS\system32\ssmarque.scr
    C:\WINDOWS\system32\ssmarque.scr
    20992 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------

    **************************************************
    20:40:30: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

    **************************************************
    20:40:30: Scanning ----- SERVICEDLL REGISTRY KEYS -----

    **************************************************
    20:40:32: Scanning ----- SERVICES REGISTRY KEYS -----
    Key: Apple Mobile Device
    ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    110592 bytes
    Created: 31/10/2007
    Modified: 31/10/2007
    Company: Apple, Inc.
    ----------
    Key: ccEvtMgr
    ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    185968 bytes
    Created: 12/07/2005
    Modified: 12/07/2005
    Company: Symantec Corporation
    ----------
    Key: ccPwdSvc
    ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe"
    C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    83568 bytes
    Created: 12/07/2005
    Modified: 12/07/2005
    Company: Symantec Corporation
    ----------
    Key: ccSetMgr
    ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    161392 bytes
    Created: 12/07/2005
    Modified: 12/07/2005
    Company: Symantec Corporation
    ----------
    Key: DefWatch
    ImagePath: "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    19552 bytes
    Created: 18/08/2005
    Modified: 18/08/2005
    Company: Symantec Corporation
    ----------
    Key: eeCtrl
    ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
    C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
    385072 bytes
    Created: 28/05/2007
    Modified: 13/02/2008
    Company: Symantec Corporation
    ----------
    Key: EraserUtilDrv10741
    ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys
    C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrv10741.sys
    109616 bytes
    Created: 01/03/2008
    Modified: 13/02/2008
    Company: Symantec Corporation
    ----------
    Key: GEARAspiWDM
    ImagePath: System32\Drivers\GEARAspiWDM.sys
    C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
    15664 bytes
    Created: 19/09/2006
    Modified: 19/09/2006
    Company: GEAR Software Inc.
    ----------
    Key: IDriverT
    ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    69632 bytes
    Created: 03/04/2005
    Modified: 03/04/2005
    Company: Macrovision Corporation
    ----------
    Key: iPod Service
    ImagePath: "C:\Program Files\iPod\bin\iPodService.exe"
    C:\Program Files\iPod\bin\iPodService.exe
    504104 bytes
    Created: 19/02/2008
    Modified: 19/02/2008
    Company: Apple Inc.
    ----------
    Key: irsir
    ImagePath: system32\DRIVERS\irsir.sys
    C:\WINDOWS\system32\DRIVERS\irsir.sys
    18688 bytes
    Created: 01/01/2005
    Modified: 17/08/2001
    Company: Microsoft Corporation
    ----------
    Key: NAVENG
    ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080301.003\naveng.sys
    C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080301.003\naveng.sys
    82256 bytes
    Created: 01/03/2008
    Modified: 20/02/2008
    Company: Symantec Corporation
    ----------
    Key: NAVEX15
    ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080301.003\navex15.sys
    C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080301.003\navex15.sys
    895376 bytes
    Created: 01/03/2008
    Modified: 20/02/2008
    Company: Symantec Corporation
    ----------
    Key: Nokia USB Generic
    ImagePath: system32\drivers\nmwcdc.sys
    C:\WINDOWS\system32\drivers\nmwcdc.sys
    8704 bytes
    Created: 03/10/2007
    Modified: 29/05/2006
    Company: Nokia
    ----------
    Key: Nokia USB Modem
    ImagePath: system32\drivers\nmwcdcm.sys
    C:\WINDOWS\system32\drivers\nmwcdcm.sys
    13312 bytes
    Created: 03/10/2007
    Modified: 29/05/2006
    Company: Nokia
    ----------
    Key: Nokia USB Phone Parent
    ImagePath: system32\drivers\nmwcd.sys
    C:\WINDOWS\system32\drivers\nmwcd.sys
    127488 bytes
    Created: 03/10/2007
    Modified: 29/05/2006
    Company: Nokia
    ----------
    Key: nvatabus
    ImagePath: system32\DRIVERS\nvatabus.sys
    C:\WINDOWS\system32\DRIVERS\nvatabus.sys
    -R- 92800 bytes
    Created: 01/01/2005
    Modified: 17/05/2005
    Company: NVIDIA Corporation
    ----------
    Key: NVENETFD
    ImagePath: system32\DRIVERS\NVENETFD.sys
    C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    -R- 33536 bytes
    Created: 01/01/2005
    Modified: 05/04/2005
    Company: NVIDIA Corporation
    ----------
    Key: nvnetbus
    ImagePath: system32\DRIVERS\nvnetbus.sys
    C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    -R- 12928 bytes
    Created: 01/01/2005
    Modified: 05/04/2005
    Company: NVIDIA Corporation
    ----------
    Key: nvraid
    ImagePath: system32\DRIVERS\nvraid.sys
    C:\WINDOWS\system32\DRIVERS\nvraid.sys
    -R- 76288 bytes
    Created: 01/01/2005
    Modified: 17/05/2005
    Company: NVIDIA Corporation
    ----------
    Key: oreans32
    ImagePath: \??\C:\WINDOWS\system32\drivers\oreans32.sys
    C:\WINDOWS\system32\drivers\oreans32.sys - this registry value has been removed [file not found to scan]
    C:\WINDOWS\system32\drivers\oreans32.sys - unable to take ownership/change permissions
    C:\WINDOWS\system32\drivers\oreans32.sys - file could not be neutralised
    [kill file error: C:\WINDOWS\system32\drivers\oreans32.sys, Le fichier spécifié est introuvable.
    ]
    C:\WINDOWS\system32\drivers\oreans32.sys - marked for renaming when the PC is restarted (if it exists)
    ----------
    Key: pfc
    ImagePath: system32\drivers\pfc.sys
    C:\WINDOWS\system32\drivers\pfc.sys
    21248 bytes
    Created: 01/01/2005
    Modified: 19/09/2003
    Company: Padus, Inc.
    ----------
    Key: PxHelp20
    ImagePath: System32\Drivers\PxHelp20.sys
    C:\WINDOWS\System32\Drivers\PxHelp20.sys
    36624 bytes
    Created: 26/05/2007
    Modified: 23/04/2007
    Company: Sonic Solutions
    ----------
    Key: rtl8029
    ImagePath: system32\DRIVERS\RTL8029.SYS
    C:\WINDOWS\system32\DRIVERS\RTL8029.SYS
    19017 bytes
    Created: 01/01/2005
    Modified: 17/08/2001
    Company: Realtek Semiconductor Corporation
    ----------
    Key: SavRoam
    ImagePath: "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    127584 bytes
    Created: 18/08/2005
    Modified: 18/08/2005
    Company: symantec
    ----------
    Key: SAVRT
    ImagePath: \??\C:\Program Files\Symantec AntiVirus\savrt.sys
    C:\Program Files\Symantec AntiVirus\savrt.sys
    324232 bytes
    Created: 04/02/2005
    Modified: 04/02/2005
    Company: Symantec Corporation
    ----------
    Key: SAVRTPEL
    ImagePath: \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
    C:\Program Files\Symantec AntiVirus\Savrtpel.sys
    53896 bytes
    Created: 04/02/2005
    Modified: 04/02/2005
    Company: Symantec Corporation
    ----------
    Key: Secdrv
    ImagePath: system32\DRIVERS\secdrv.sys
    C:\WINDOWS\system32\DRIVERS\secdrv.sys
    20480 bytes
    Created: 05/08/2004
    Modified: 13/11/2007
    Company: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
    ----------
    Key: ServiceLayer
    ImagePath: "C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe"
    C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    174080 bytes
    Created: 05/06/2006
    Modified: 05/06/2006
    Company: Nokia.
    ----------
    Key: SNDSrvc
    ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    206552 bytes
    Created: 22/04/2005
    Modified: 22/04/2005
    Company: Symantec Corporation
    ----------
    Key: snpstd2
    ImagePath: system32\DRIVERS\snpstd2.sys
    C:\WINDOWS\system32\DRIVERS\snpstd2.sys
    347264 bytes
    Created: 01/01/2005
    Modified: 14/10/2004
    Company:
    ----------
    Key: SPBBCDrv
    ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
    372832 bytes
    Created: 30/03/2005
    Modified: 30/03/2005
    Company: Symantec Corporation
    ----------
    Key: SPBBCSvc
    ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    992864 bytes
    Created: 30/03/2005
    Modified: 30/03/2005
    Company: Symantec Corporation
    ----------
    Key: sptd
    ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
    ----------
    Key: STIrUsb
    ImagePath: system32\DRIVERS\irstusb.sys
    C:\WINDOWS\system32\DRIVERS\irstusb.sys
    31048 bytes
    Created: 20/05/2007
    Modified: 12/12/2003
    Company: SigmaTel, Inc.
    ----------
    Key: SwPrv
    ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{342D3984-E21F-43A3-981C-44220C75A121}
    C:\WINDOWS\system32\dllhost.exe
    5120 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Symantec AntiVirus
    ImagePath: "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    1736800 bytes
    Created: 18/08/2005
    Modified: 18/08/2005
    Company: Symantec Corporation
    ----------
    Key: SymEvent
    ImagePath: \??\C:\Program Files\Symantec\SYMEVENT.SYS
    C:\Program Files\Symantec\SYMEVENT.SYS
    123488 bytes
    Created: 08/05/2007
    Modified: 13/05/2005
    Company: Symantec Corporation
    ----------
    Key: SYMREDRV
    ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
    C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
    17976 bytes
    Created: 22/04/2005
    Modified: 22/04/2005
    Company: Symantec Corporation
    ----------
    Key: SYMTDI
    ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
    C:\WINDOWS\System32\Drivers\SYMTDI.SYS
    267192 bytes
    Created: 22/04/2005
    Modified: 22/04/2005
    Company: Symantec Corporation
    ----------
    Key: USBAAPL
    ImagePath: System32\Drivers\usbaapl.sys
    C:\WINDOWS\System32\Drivers\usbaapl.sys
    30464 bytes
    Created: 25/12/2007
    Modified: 31/10/2007
    Company: Apple, Inc.
    ----------
    Key: usnjsvc
    ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    98328 bytes
    Created: 18/10/2007
    Modified: 18/10/2007
    Company: Microsoft Corporation
    ----------
    Key: vnccom
    ImagePath: System32\Drivers\vnccom.SYS
    C:\WINDOWS\System32\Drivers\vnccom.SYS
    6016 bytes
    Created: 08/05/2007
    Modified: 26/06/2004
    Company: RDV Soft
    ----------
    Key: vncdrv
    ImagePath: system32\DRIVERS\vncdrv.sys
    C:\WINDOWS\system32\DRIVERS\vncdrv.sys
    4736 bytes
    Created: 08/05/2007
    Modified: 26/06/2004
    Company: RDV Soft
    ----------
    Key: winvnc
    ImagePath: "C:\Program Files\UltraVNC\WinVNC.exe" -service
    C:\Program Files\UltraVNC\WinVNC.exe
    364544 bytes
    Created: 08/05/2007
    Modified: 17/07/2006
    Company: www.ultravnc.fr
    ----------
    Key: WLSetupSvc
    ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    266240 bytes
    Created: 25/10/2007
    Modified: 25/10/2007
    Company: Microsoft Corporation
    ----------
    Key: WpdUsb
    ImagePath: system32\DRIVERS\wpdusb.sys
    C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    38528 bytes
    Created: 28/01/2005
    Modified: 18/10/2006
    Company: Microsoft Corporation
    ----------

    **************************************************
    20:40:52: Scanning -----VXD ENTRIES-----

    **************************************************
    20:40:52: Scanning ----- WINLOGON\NOTIFY DLLS -----
    Key: NavLogon
    DLL: C:\WINDOWS\system32\NavLogon.dll
    C:\WINDOWS\system32\NavLogon.dll
    43616 bytes
    Created: 18/08/2005
    Modified: 18/08/2005
    Company: Symantec Corporation
    ----------

    **************************************************
    20:40:52: Scanning ----- CONTEXTMENUHANDLERS -----
    Key: Fichiers hors connexion
    CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}
    Path: %SystemRoot%\System32\cscui.dll
    C:\WINDOWS\System32\cscui.dll
    337920 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: LDVPMenu
    CLSID: {BDA77241-42F6-11d0-85E2-00AA001FE28C}
    Path: C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
    C:\Program Files\Fichiers communs\Symantec Shared\SSC\vpshell2.dll
    45664 bytes
    Created: 18/08/2005
    Modified: 18/08/2005
    Company: Symantec Corporation
    ----------
    Key: Open With
    CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
    Path: %SystemRoot%\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    8516608 bytes
    Created: 05/08/2004
    Modified: 25/10/2007
    Company: Microsoft Corporation
    ----------
    Key: Open With EncryptionMenu
    CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
    Path: %SystemRoot%\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    8516608 bytes
    Created: 05/08/2004
    Modified: 25/10/2007
    Company: Microsoft Corporation
    ----------
    Key: Trojan Remover
    CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
    Path: C:\PROGRA~1\TROJAN~1\Trshlex.dll
    C:\PROGRA~1\TROJAN~1\Trshlex.dll
    467552 bytes
    Created: 01/03/2008
    Modified: 05/02/2007
    Company: Simply Super Software
    ----------
    Key: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Path: %SystemRoot%\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    8516608 bytes
    Created: 05/08/2004
    Modified: 25/10/2007
    Company: Microsoft Corporation
    ----------

    **************************************************
    20:40:53: Scanning ----- FOLDER\COLUMNHANDLERS -----
    Key: {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    File: %SystemRoot%\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    8516608 bytes
    Created: 05/08/2004
    Modified: 25/10/2007
    Company: Microsoft Corporation
    ----------
    Key: {24F14F01-7B1C-11d1-838f-0000F80461CF}
    File: %SystemRoot%\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    8516608 bytes
    Created: 05/08/2004
    Modified: 25/10/2007
    Company: Microsoft Corporation
    ----------
    Key: {24F14F02-7B1C-11d1-838f-0000F80461CF}
    File: %SystemRoot%\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    8516608 bytes
    Created: 05/08/2004
    Modified: 25/10/2007
    Company: Microsoft Corporation
    ----------
    Key: {66742402-F9B9-11D1-A202-0000F81FEDEE}
    File: %SystemRoot%\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    8516608 bytes
    Created: 05/08/2004
    Modified: 25/10/2007
    Company: Microsoft Corporation
    ----------
    Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
    File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    372736 bytes
    Created: 10/05/2007
    Modified: 10/05/2007
    Company: Adobe Systems, Inc.
    ----------

    **************************************************
    20:40:53: Scanning ----- BROWSER HELPER OBJECTS -----
    Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    62080 bytes
    Created: 22/10/2006
    Modified: 22/10/2006
    Company: Adobe Systems Incorporated
    ----------
    Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    BHO: C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    501136 bytes
    Created: 19/10/2007
    Modified: 25/09/2007
    Company: Sun Microsystems, Inc.
    ----------
    Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
    BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    328752 bytes
    Created: 20/09/2007
    Modified: 20/09/2007
    Company: Microsoft Corporation
    ----------
    Key: {E9601C0B-FA98-4E6D-A015-AE5B43F47962}
    BHO: C:\WINDOWS\msvidc32.dll
    C:\WINDOWS\msvidc32.dll
    225792 bytes
    Created: 28/02/2008
    Modified: 28/02/2008
    Company: Adobe
    ----------

    **************************************************
    20:40:53: Scanning ----- SHELLSERVICEOBJECTS -----
    Key: PostBootReminder
    CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
    Path: %SystemRoot%\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    8516608 bytes
    Created: 05/08/2004
    Modified: 25/10/2007
    Company: Microsoft Corporation
    ----------
    Key: CDBurn
    CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
    Path: %SystemRoot%\system32\SHELL32.dll
    C:\WINDOWS\system32\SHELL32.dll
    8516608 bytes
    Created: 05/08/2004
    Modified: 25/10/2007
    Company: Microsoft Corporation
    ----------
    Key: WebCheck
    CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    Path: C:\WINDOWS\system32\webcheck.dll
    C:\WINDOWS\system32\webcheck.dll
    233472 bytes
    Created: 05/08/2004
    Modified: 07/12/2007
    Company: Microsoft Corporation
    ----------
    Key: SysTray
    CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
    Path: C:\WINDOWS\system32\stobject.dll
    C:\WINDOWS\system32\stobject.dll
    122368 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: WPDShServiceObj
    CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
    Path: C:\WINDOWS\system32\WPDShServiceObj.dll
    C:\WINDOWS\system32\WPDShServiceObj.dll
    133632 bytes
    Created: 18/10/2006
    Modified: 18/10/2006
    Company: Microsoft Corporation
    ----------

    **************************************************
    20:40:53: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
    Value: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
    Comment: Pré-chargeur Browseui
    File: %SystemRoot%\system32\browseui.dll
    C:\WINDOWS\system32\browseui.dll
    1024000 bytes
    Created: 05/08/2004
    Modified: 11/10/2007
    Company: Microsoft Corporation
    ----------
    Value: {8C7461EF-2B13-11d2-BE35-3078302C2030}
    Comment: Démon de cache des catégories de composant
    File: %SystemRoot%\system32\browseui.dll
    C:\WINDOWS\system32\browseui.dll
    1024000 bytes
    Created: 05/08/2004
    Modified: 11/10/2007
    Company: Microsoft Corporation
    ----------

    **************************************************
    20:40:53: Scanning ----- IMAGEFILE DEBUGGERS -----
    No "Debugger" entries found.

    **************************************************
    20:40:53: Scanning ----- APPINIT_DLLS -----
    The AppInit_DLLs value is blank

    **************************************************
    20:40:53: Scanning ----- SECURITY PROVIDER DLLS -----
    DLL: msapsspc.dll
    C:\WINDOWS\system32\msapsspc.dll
    86016 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    DLL: schannel.dll
    C:\WINDOWS\system32\schannel.dll
    144896 bytes
    Created: 05/08/2004
    Modified: 25/04/2007
    Company: Microsoft Corporation
    ----------
    DLL: digest.dll
    C:\WINDOWS\system32\digest.dll
    68608 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    DLL: msnsspc.dll
    C:\WINDOWS\system32\msnsspc.dll
    290816 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------

    **************************************************
    20:40:53: Scanning ------ USER STARTUP GROUPS ------
    Checking Startup Group for All Users
    [C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
    No Startup files for All Users were located to check

    **************************************************
    20:40:53: Scanning ------ COMMON STARTUP GROUP ------
    [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
    The Common Startup Group attempts to load the following file(s) at boot time:
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
    -HS- 84 bytes
    Created: 01/01/2005
    Modified: 01/01/2005
    Company:
    --------------------
    C:\Program Files\Microsoft Office\Office\OSA9.EXE
    65588 bytes
    Created: 17/02/1999
    Modified: 17/02/1999
    Company: Microsoft Corporation
    Microsoft Office.lnk - links to C:\Program Files\Microsoft Office\Office\OSA9.EXE
    --------------------

    **************************************************
    No User Startup Groups were located to check

    **************************************************
    20:40:54: Scanning ----- SCHEDULED TASKS -----
    Taskname: AD06E68391716283.job
    File: c:\docume~1\antoine\applic~1\showbu~1\setup noun remote.exe
    Parameters: [blank]
    Next Run Time: 01/03/2008 21:00:00
    Status: La tâche est prête à s'exécuter à l'heure prévue
    Creator: Antoine
    Comments: [blank]
    c:\docume~1\antoine\applic~1\showbu~1\setup noun remote.exe [file not found to scan]
    ----------
    Taskname: AppleSoftwareUpdate.job
    File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    558424 bytes
    Created: 29/08/2007
    Modified: 29/08/2007
    Company: Apple Inc.
    Parameters: -task
    Next Run Time: 08/03/2008 16:29:00
    Status: La tâche est prête à s'exécuter à l'heure prévue
    Creator: SYSTEM
    Comments: [blank]
    ----------

    **************************************************
    20:40:54: ----- ADDITIONAL CHECKS -----
    PE386 rootkit checks completed
    ----------
    Winlogon registry rootkit checks completed
    ----------
    Heuristic checks for hidden files/drivers completed
    ----------
    Layered Service Provider entries checks completed
    ---------
    Windows Explorer Policies checks completed
    ----------
    Desktop Wallpaper: C:\Documents and Settings\Antoine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    C:\Documents and Settings\Antoine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    3686454 bytes
    Created: 24/06/2007
    Modified: 24/02/2008
    Company:
    ----------
    Additional file checks completed
    ---------

    **************************************************
    20:40:54: Scanning ----- RUNNING PROCESSES -----
    [Only loaded modules not scanned already
    during this scan will be scanned here]

    C:\WINDOWS\System32\smss.exe
    [1 loaded module]
    --------------------
    C:\WINDOWS\system32\csrss.exe
    [21 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\winlogon.exe
    [74 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\services.exe
    [26 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\lsass.exe
    [58 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe
    [51 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe
    [38 loaded modules in total]
    --------------------
    C:\WINDOWS\System32\svchost.exe
    [157 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe
    [29 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe
    [29 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe
    [46 loaded modules in total]
    --------------------
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    [38 loaded modules in total]
    --------------------
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    [41 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\spoolsv.exe
    [49 loaded modules in total]
    --------------------
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    [19 loaded modules in total]
    --------------------
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    [10 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\nvsvc32.exe
    [37 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe
    [40 loaded modules in total]
    --------------------
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    [100 loaded modules in total]
    --------------------
    C:\Program Files\UltraVNC\WinVNC.exe
    [30 loaded modules in total]
    --------------------
    C:\WINDOWS\System32\alg.exe
    [31 loaded modules in total]
    --------------------
    C:\WINDOWS\SOUNDMAN.EXE
    [37 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\nvraidservice.exe
    [44 loaded modules in total]
    --------------------
    C:\WINDOWS\vsnpstd2.exe
    [33 loaded modules in total]
    --------------------
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    [62 loaded modules in total]
    --------------------
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    [53 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    [40 loaded modules in total]
    --------------------
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    [22 loaded modules in total]
    --------------------
    C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    [49 loaded modules in total]
    --------------------
    C:\Program Files\iTunes\iTunesHelper.exe
    [58 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\wbem\unsecapp.exe
    [41 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\ctfmon.exe
    [35 loaded modules in total]
    --------------------
    C:\Program Files\iPod\bin\iPodService.exe
    [27 loaded modules in total]
    --------------------
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    [143 loaded modules in total]
    --------------------
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    [16 loaded modules in total]
    --------------------
    C:\WINDOWS\explorer.exe
    [92 loaded modules in total]
    --------------------
    C:\WINDOWS\System32\svchost.exe
    [33 loaded modules in total]
    --------------------
    D:\Valve\Steam.exe
    [87 loaded modules in total]
    --------------------
    C:\Program Files\Mozilla Firefox\firefox.exe
    [89 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\wuauclt.exe
    [40 loaded modules in total]
    --------------------
    C:\Documents and Settings\Antoine\Application Data\Simply Super Software\Trojan Remover\lfwA1.exe
    FileSize: 2515520
    [This is a Trojan Remover component]
    [30 loaded modules in total]
    --------------------

    **************************************************
    20:41:25: Checking AUTOEXEC.BAT file
    AUTOEXEC.BAT found in C:\
    No malicious entries were found in the AUTOEXEC.BAT file

    **************************************************
    20:41:25: Checking AUTOEXEC.NT file
    AUTOEXEC.NT found in C:\WINDOWS\system32
    No malicious entries were found in the AUTOEXEC.NT file

    **************************************************
    20:41:25: Checking HOSTS file
    No malicious entries were found in the HOSTS file

    **************************************************
    ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
    https://www.01net.com/telecharger/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
    https://www.01net.com/telecharger/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
    https://www.01net.com/telecharger/
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
    https://www.01net.com/telecharger/

    **************************************************
    === CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
    Scan completed at: 01/03/2008 20:41:25
    -------------------------------------------------------------------------
    One or more files could not be moved or renamed as requested.
    They may be in use by Windows, so Trojan Remover needs
    to restart the system in order to deal with these files.
    01/03/2008 20:41:37: restart commenced
    ************************************************************

    Et celui de Msnfix :

    MSNFix 1.673

    C:\MSNFix\MSNFix
    Fix exécuté le 01/03/2008 - 20:51:11.84 By Antoine
    mode normal

    ************************ Recherche les fichiers présents

    ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

    ************************ Recherche les dossiers présents

    Aucun dossier trouvé

    ************************ Suppression des fichiers

    /!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    /!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

    ************************ Nettoyage du registre

    Les fichiers encore présents seront supprimés au prochain redémarrage

    ************************ Suppression des fichiers

    .. OK ... C:\WINDOWS\system32\real.txt
    /!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    /!\ ... C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe

    ************************ Fichiers suspects

    Aucun Fichier trouvé

    Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 01032008_205713.54.zip

    ------------------------------------------------------------------------
    Auteur : !aur3n7 Contact: https://www.ionos.fr/
    ------------------------------------------------------------------------

    --------------------------------------------- END ---------------------------------------------
    0
    1. gluo Messages postés 273 Statut Membre 105
       
      Bon, il reste accroché...
      il est possible qu'il ne soit pas seul, fait un hijackthis :
      Télécharger Hijackthis sur le bureau : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
      = clic droit dessus ==> renommer ==> écrire : "test"( à la place de "hijackthis")
      =Double-clic dessus
      = Clic Do a system scan and save the log
      -- Le Bloc-Notes s'ouvre :
      copier coller le contenu du rapport.

      on va examiner tout ça.
      0
  4. Blqck.Angel Messages postés 24 Statut Membre
     
    Voila !!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:21:24, on 01/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Valve\Steam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    F:\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MS Video Control 1.0 - {E9601C0B-FA98-4E6D-A015-AE5B43F47962} - C:\WINDOWS\msvidc32.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://ww11.commandondemand.com/eval/cod/cabs/cssweb.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4FB4D9-A5AB-4460-8AC0-6302C8649E8C}: NameServer = 85.255.115.44,85.255.112.187
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4BCEEF47-B798-4328-A8B3-F74AC91A52C5}: NameServer = 85.255.115.44,85.255.112.187
    O17 - HKLM\System\CCS\Services\Tcpip\..\{78B7A862-1315-4CFC-AADC-DC662FE53307}: NameServer = 85.255.115.44,85.255.112.187
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Blqck.Angel Messages postés 24 Statut Membre
     
    Aussi je ne sais pas si ça peut t'aider mais, souvent mon Pc m'affiche se message d'erreur :

    Your computer was infected by unknown trojan.
    It's dangerous for your system (critical files can be lost)!

    Click OK to download anti spyware program to clean your system! (recommented)

    Encore merci de m'aider, et me proposer des solutions !!
    0
  7. Blqck.Angel Messages postés 24 Statut Membre
     
    JE l'ai refait (la manip ==> hijackthis) et j'obtien ca !!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:50:13, on 01/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    D:\Valve\Steam.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    F:\Test.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MS Video Control 1.0 - {E9601C0B-FA98-4E6D-A015-AE5B43F47962} - C:\WINDOWS\msvidc32.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Antoine\LOCALS~1\Temp\services.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6CCE3920-3183-4B3D-808A-B12EB769DE12} (CSS Web Installer Class) - http://ww11.commandondemand.com/eval/cod/cabs/cssweb.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2C4FB4D9-A5AB-4460-8AC0-6302C8649E8C}: NameServer = 85.255.115.44,85.255.112.187
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4BCEEF47-B798-4328-A8B3-F74AC91A52C5}: NameServer = 85.255.115.44,85.255.112.187
    O17 - HKLM\System\CCS\Services\Tcpip\..\{78B7A862-1315-4CFC-AADC-DC662FE53307}: NameServer = 85.255.115.44,85.255.112.187
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.44 85.255.112.187
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
    0
    1. gluo Messages postés 273 Statut Membre 105
       
      Pour les messages "Telecharger un antispyware", ne le fait surtout pas ! c'est sans doute un virus qui veut que tu telecharge ses mises à jour...

      A la vue du log cela confirme mes soupcons, msnfix ne nous a montré que la partie immergée de l'iceberg, sur lequel ton ordinateur s'est échoué...

      On commence par les spywares :
      Télécharger Fixwareout : http://downloads.subratam.org/Fixwareout.exe
      ->Installer
      ->une fenêtre DOS s’ouvre, appuyer sur une touche
      ->Un message en anglais ( demandant le redémarrage du PC) ==> Clic OK ( ou oui )
      Note : le redémarrage est assez long ( il faut cliquer plusieurs fois OK)
      Copier et coller le rapport dans la réponse (C:\fixwareout\report.txt)
      = supprimer Fixwareout sur le bureau
      Et dans C:\ ==> Fixwareout et dnsback
      ====================
      Télécharger sur le bureau Smitfraudfix : http://siri.urz.free.fr/Fix/SmitfraudFix.zip
      ->Double clic sur SmitfraudFix.zip
      ->Extraire tout
      ->Double clic sur SmitfraudFix
      ->Double Clic sur SmitfraudFix.cmd ( symbole roue dentée)
      ->Choisir Option 1
      ->Sauver le rapport
      ---------
      Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
      !! Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes !!
      Pour redémarrer en mode sans échec :
      Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
      Avec les touches « flèches », sélectionner Mode sans échec, appuyer sur entrée,puis ton nom utilisateur habituel
      ---
      Relancer Smitfraudfix
      ->Choisir Option 2
      ->Sauver le rapport
      ->Copier/coller les rapports dans la réponse
      ================
      puis refaire un rapport hijackthis

      Tu fait tout ça et tu colle tous les rapports.
      0
  8. Blqck.Angel Messages postés 24 Statut Membre
     
    A vrai dire, j'ai un probleme avec internet !! Mon pc affiche que j'ai internet, je l'ai réelement, mais tout ce qui est Firefox, mail, msn, je ne peut pas ma conncter !! J'ai donc décidé de faire un formatage de mon pc, en espérant que le(s) virus y soit détruit(s) aussi !!

    ps: j'écris sur un autre pc que le mien !!
    0
    1. gluo Messages postés 273 Statut Membre 105
       
      Comme tu veut.
      En formatant, c'est sûr, il ne restera plus rien, mais alors rien du tout ^^.

      Fait une sauvegarde de tes fichiers avant de formater quand même...

      @+.
      0
  9. Blqck.Angel Messages postés 24 Statut Membre
     
    Tkt pas pour ça :p !! J'ai un disc dure externe, j'y est mis tout mes fichier (qui m'intéressait).
    0