Sujet Précédent Sujet Suivant

Trojan.Win32.Obfuscated

Résolu
thegunner33 Messages postés 42 Statut Membre -  
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
Bonjour,

J'ai découvert grace à une analyse en ligne de Kaspersky que mon ordinateur était infesté par le Trojan Win32 Obfuscated. J'ai Avast, mais il n'arrive pas à me l'enlever.
Si quelqu'un peut réussir à me supprimer cette gêne, ce serait très sympathique.
Merci par avance de vos réponses!!!

11 réponses

Réponse 1 / 11
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

où est-ce qu'il te le détecte ??

Télécharge ceci :

Lien : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm

Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.

++
0
thegunner33 Messages postés 42 Statut Membre
 
salut, merci de m'aider. Voici le scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:37, on 27/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\zsbgtcrg\vyrgncxo.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\DOCUME~1\julien\MESDOC~1\sony\SsAAD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\kjoxolaf.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: GNX Bingo - {8DFC8C4F-FEA9-45F5-B623-E16E3B841FCF} - C:\WINDOWS\kdftlboeeao.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - marwin32.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\julien\MESDOC~1\sony\SsAAD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [hjzulvsh] C:\WINDOWS\system32\kjoxolaf.exe
O4 - HKLM\..\Policies\Explorer\Run: [7ltj22HPj6] C:\Documents and Settings\All Users\Application Data\zsbgtcrg\vyrgncxo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Program Files\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: CbEvtSvc - Unknown owner - C:\WINDOWS\System32\CbEvtSvc.exe (file missing)
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
O23 - Service: CxEvtSvc - Unknown owner - C:\WINDOWS\System32\CxEvtSvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
0
Réponse 2 / 11
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ok,

Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp

++
0
thegunner33 Messages postés 42 Statut Membre
 
voila le scan de combofix:

ComboFix 08-03-26.3 - julien 2008-03-27 20:19:19.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.365 [GMT 1:00]
Endroit: C:\Documents and Settings\julien\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
-- Script messages for sUBs --
GREP -Fis \baiso
VFind -td "C:\WINDOWS\system32\*"

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\patrick\Application Data\macromedia\Flash Player\#SharedObjects\W7M9A7H3\iforex.com
C:\Documents and Settings\patrick\Application Data\macromedia\Flash Player\#SharedObjects\W7M9A7H3\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\patrick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\patrick\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\patrick\Application Data\WinAntiVirus Pro 2006
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\bjam.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\pack.epk
C:\WINDOWS\rs.txt
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CCEVTSVC
-------\Service_CcEvtSvc


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-02-27 to 2008-03-27 ))))))))))))))))))))))))))))))))))))
.

2008-03-27 19:06 . 2008-03-27 19:06 <REP> d-------- C:\Program Files\Trend Micro
2008-03-27 11:41 . 2008-03-27 11:41 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-27 11:41 . 2008-03-27 11:41 <REP> d-------- C:\WINDOWS\LastGood
2008-03-26 16:21 . 2008-03-26 16:21 <REP> d-------- C:\Documents and Settings\julien\Bureauvirii
2008-03-26 16:21 . 2008-03-26 16:21 94,208 --a------ C:\WINDOWS\system32\kjoxolaf.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\BureauTrojan.Win32.BlackBird.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\BureauFWebdEditor.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\Bureaufwebd.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\Bureaufkwp2.0.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\Bureaufkwp1.5.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\Bureaufilemanagerclient.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\BureauEditorFKWP2.0.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\BureauEditorFKWP1.5.exe
2008-03-25 20:17 . 2008-03-25 20:17 98,304 --a------ C:\WINDOWS\system32\ufivipwl.exe
2008-03-25 18:48 . 2008-03-25 18:49 <REP> d-------- C:\Documents and Settings\patrick\Application Data\PC-Cleaner
2008-03-25 18:47 . 2008-03-26 07:01 <REP> d-------- C:\Program Files\PC-Cleaner
2008-03-25 06:37 . 2008-03-25 06:37 <REP> d-------- C:\Program Files\Inet Delivery
2008-03-25 06:37 . 2008-03-25 06:37 <REP> d-------- C:\Documents and Settings\patrick\Bureauvirii
2008-03-25 06:37 . 2008-03-25 06:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\zsbgtcrg
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\BureauTrojan.Win32.BlackBird.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\BureauFWebdEditor.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\Bureaufwebd.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\Bureaufkwp2.0.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\Bureaufkwp1.5.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\Bureaufilemanagerclient.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\BureauEditorFKWP2.0.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\BureauEditorFKWP1.5.exe
2008-03-25 06:36 . 2008-03-25 04:02 212,992 --a------ C:\WINDOWS\kdftlboeeao.dll
2008-03-24 17:14 . 2008-03-24 17:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-24 16:00 . 2008-03-24 16:00 <REP> d-------- C:\Program Files\CCleaner
2008-03-24 13:17 . 2008-03-24 13:17 <REP> d-------- C:\Documents and Settings\julien\Application Data\Lavasoft
2008-03-24 13:01 . 2008-03-24 17:08 333 --a------ C:\WINDOWS\wininit.ini
2008-03-24 12:31 . 2008-03-24 12:30 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-24 12:31 . 2008-03-24 12:31 2,550 --a------ C:\WINDOWS\unins000.dat
2008-03-24 12:23 . 2008-03-24 12:23 <REP> d-------- C:\Program Files\Sysmnt
2008-03-24 12:23 . 2008-03-24 12:23 <REP> d-------- C:\Program Files\stc
2008-03-24 12:23 . 2008-03-24 12:23 <REP> d-------- C:\Program Files\180search assistant
2008-03-24 12:08 . 2008-03-24 12:08 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-03-24 12:08 . 2008-03-24 12:08 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-22 06:38 . 2008-03-23 19:36 119,808 --a------ C:\WINDOWS\system32\CxEvtSvc.exe
2008-03-11 06:56 . 2008-03-21 13:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-11 06:56 . 2008-03-16 08:50 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 19:15 --------- d-----w C:\Program Files\Wanadoo
2008-03-27 18:48 --------- d-----w C:\Program Files\emule
2008-03-24 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 11:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-24 11:25 --------- d-----w C:\Documents and Settings\julien\Application Data\uTorrent
2008-03-24 00:11 --------- d-----w C:\Program Files\uTorrent
2008-03-23 20:12 --------- d-----w C:\Documents and Settings\julien\Application Data\Canon
2008-03-14 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-09 15:48 --------- d-----w C:\Documents and Settings\patrick\Application Data\Canon
2008-03-06 16:00 --------- d-----w C:\Program Files\Winamp
2008-03-05 20:04 --------- d-----w C:\Program Files\QuickZip4
2008-03-04 15:22 4,848 ----a-w C:\Documents and Settings\patrick\Application Data\wklnhst.dat
2008-02-16 20:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 14:20 --------- d-----w C:\Program Files\CamStudio
2008-01-30 13:55 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Suite
2008-01-28 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-06-20 20:38 254 ----a-w C:\Documents and Settings\viviane\Application Data\wklnhst.dat
2006-12-05 16:27 656 ----a-w C:\Documents and Settings\julien\Application Data\wklnhst.dat
2006-06-28 16:12 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DFC8C4F-FEA9-45F5-B623-E16E3B841FCF}]
2008-03-25 04:02 212992 --a------ C:\WINDOWS\kdftlboeeao.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"WebCamRT.exe"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 07:09 68856]
"hjzulvsh"="C:\WINDOWS\system32\kjoxolaf.exe" [2008-03-26 16:21 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 20:07 7110656]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 18:14 35328]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SsAAD.exe"="C:\DOCUME~1\julien\MESDOC~1\sony\SsAAD.exe" [2005-06-03 07:16 81920]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 14:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"QuickFinder Scheduler"="c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE" [1996-06-28 07:01 46080]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 20:01 49152]
"nwiz"="nwiz.exe" [2005-07-20 20:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 16:47 32768]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]
"DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2006-11-20 12:24 863744]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 13:00 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"7ltj22HPj6"= C:\Documents and Settings\All Users\Application Data\zsbgtcrg\vyrgncxo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 17:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\Pro Evolution Soccer 2008\\PES2008.exe"=

S2 grande48;grande48;C:\WINDOWS\system32\drivers\grande48.sys []

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-03-27 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-27 20:24:24
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-27 20:27:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-27 19:27:51
Pre-Run: 113,126,932,480 octets libres
Post-Run: 113,034,977,280 octets libres
.
2008-03-12 07:45:52 --- E O F ---
0
Réponse 3 / 11
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ok,

Télécharge SDFix sur ton bureau

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,

++
0
thegunner33 Messages postés 42 Statut Membre
 
salut, voila (enfin) le rapport de sdfix. J'attends la suite de tes conseils.

[b]SDFix: Version 1.163 [/b]

Run by julien on 2008-03-28 at 18:39

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\julien\Bureau\sdfix\SDFix

[b]Checking Services [/b]:

Name:
CbEvtSvc

Path:
%SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

CbEvtSvc - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\RNAPH.DLL - Deleted
C:\WINDOWS\kdftlboeeao.dll - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\system32\winfrun32.bin - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-28 18:46:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a9411efb0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000a9411efb0]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 281


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 5\\PES5.exe:*:Enabled:pes5.exe"
"C:\\Documents and Settings\\julien\\Mes documents\\E-mule\\eMule\\emule.exe"="C:\\Documents and Settings\\julien\\Mes documents\\E-mule\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\julien\\Bureau\\emule.exe"="C:\\Documents and Settings\\julien\\Bureau\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\julien\\Local Settings\\Temp\\QZTEMP\\Big Emoticons - Baddies Pack.exe"="C:\\Documents and Settings\\julien\\Local Settings\\Temp\\QZTEMP\\Big Emoticons - Baddies Pack.exe:*:Enabled:Messenger Content Installer"
"C:\\Documents and Settings\\julien\\Local Settings\\Temp\\QZTEMP\\Big Emoticons - Love Pack.exe"="C:\\Documents and Settings\\julien\\Local Settings\\Temp\\QZTEMP\\Big Emoticons - Love Pack.exe:*:Enabled:Messenger Content Installer"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe:*:Disabled:pes6.exe"
"C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"="C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe:*:Enabled:Navigateur Internet"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Documents and Settings\\All Users\\Documents\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Documents and Settings\\All Users\\Documents\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\julien\Bureau\sdfix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Tue 29 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 9 May 2007 50,688 ...H. --- "C:\Documents and Settings\julien\Bureau\~WRL0480.tmp"
Wed 9 May 2007 29,696 ...H. --- "C:\Documents and Settings\julien\Bureau\~WRL1966.tmp"
Wed 9 May 2007 37,888 ...H. --- "C:\Documents and Settings\julien\Bureau\~WRL2405.tmp"
Wed 9 May 2007 51,200 ...H. --- "C:\Documents and Settings\julien\Bureau\~WRL2848.tmp"
Wed 9 May 2007 34,304 ...H. --- "C:\Documents and Settings\julien\Bureau\~WRL3755.tmp"
Sat 19 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Wed 9 May 2007 26,112 ...H. --- "C:\Documents and Settings\julien\Application Data\Microsoft\Word\~WRL0004.tmp"
Wed 9 May 2007 25,600 ...H. --- "C:\Documents and Settings\julien\Application Data\Microsoft\Word\~WRL0584.tmp"
Wed 9 May 2007 44,032 ...H. --- "C:\Documents and Settings\julien\Application Data\Microsoft\Word\~WRL0692.tmp"
Wed 9 May 2007 30,720 ...H. --- "C:\Documents and Settings\julien\Application Data\Microsoft\Word\~WRL1642.tmp"
Wed 9 May 2007 28,160 ...H. --- "C:\Documents and Settings\julien\Application Data\Microsoft\Word\~WRL2349.tmp"
Wed 9 May 2007 41,984 ...H. --- "C:\Documents and Settings\julien\Application Data\Microsoft\Word\~WRL2358.tmp"
Wed 9 May 2007 28,672 ...H. --- "C:\Documents and Settings\julien\Application Data\Microsoft\Word\~WRL2526.tmp"
Wed 9 May 2007 40,960 ...H. --- "C:\Documents and Settings\julien\Application Data\Microsoft\Word\~WRL3403.tmp"
Wed 9 May 2007 28,160 ...H. --- "C:\Documents and Settings\julien\Application Data\Microsoft\Word\~WRL3659.tmp"
Tue 29 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\julien\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 26 May 2006 20 A..H. --- "C:\Documents and Settings\julien\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 27 Nov 2005 400 A.SH. --- "C:\Documents and Settings\julien\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

[b]Finished![/b]
0
Réponse 4 / 11
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

très bien, poste un nouveau combo stp

++
0
thegunner33 Messages postés 42 Statut Membre
 
salut, voila le nouveau combo:

ComboFix 08-03-26.3 - julien 2008-03-29 12:54:13.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\julien\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
-- Script messages for sUBs --
GREP -Fis \baiso
VFind -td "C:\WINDOWS\system32\*"

((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-29 ))))))))))))))))))))))))))))))))))))
.

2008-03-28 18:36 . 2008-03-28 18:36 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-27 20:33 . 2008-03-27 20:33 106,496 --a------ C:\WINDOWS\system32\zknirurm.exe
2008-03-27 19:06 . 2008-03-27 19:06 <REP> d-------- C:\Program Files\Trend Micro
2008-03-27 11:41 . 2008-03-27 11:41 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-26 16:21 . 2008-03-26 16:21 <REP> d-------- C:\Documents and Settings\julien\Bureauvirii
2008-03-26 16:21 . 2008-03-26 16:21 94,208 --a------ C:\WINDOWS\system32\kjoxolaf.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\BureauTrojan.Win32.BlackBird.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\BureauFWebdEditor.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\Bureaufwebd.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\Bureaufkwp2.0.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\Bureaufkwp1.5.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\Bureaufilemanagerclient.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\BureauEditorFKWP2.0.exe
2008-03-26 16:21 . 2008-03-26 16:21 4,096 --a------ C:\Documents and Settings\julien\BureauEditorFKWP1.5.exe
2008-03-25 20:17 . 2008-03-25 20:17 98,304 --a------ C:\WINDOWS\system32\ufivipwl.exe
2008-03-25 18:48 . 2008-03-25 18:49 <REP> d-------- C:\Documents and Settings\patrick\Application Data\PC-Cleaner
2008-03-25 18:47 . 2008-03-26 07:01 <REP> d-------- C:\Program Files\PC-Cleaner
2008-03-25 06:37 . 2008-03-25 06:37 <REP> d-------- C:\Program Files\Inet Delivery
2008-03-25 06:37 . 2008-03-25 06:37 <REP> d-------- C:\Documents and Settings\patrick\Bureauvirii
2008-03-25 06:37 . 2008-03-25 06:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\zsbgtcrg
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\BureauTrojan.Win32.BlackBird.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\BureauFWebdEditor.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\Bureaufwebd.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\Bureaufkwp2.0.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\Bureaufkwp1.5.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\Bureaufilemanagerclient.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\BureauEditorFKWP2.0.exe
2008-03-25 06:37 . 2008-03-25 06:37 4,096 --a------ C:\Documents and Settings\patrick\BureauEditorFKWP1.5.exe
2008-03-24 17:14 . 2008-03-24 17:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-24 16:00 . 2008-03-24 16:00 <REP> d-------- C:\Program Files\CCleaner
2008-03-24 13:17 . 2008-03-24 13:17 <REP> d-------- C:\Documents and Settings\julien\Application Data\Lavasoft
2008-03-24 13:01 . 2008-03-24 17:08 333 --a------ C:\WINDOWS\wininit.ini
2008-03-24 12:31 . 2008-03-24 12:30 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-24 12:31 . 2008-03-24 12:31 2,550 --a------ C:\WINDOWS\unins000.dat
2008-03-24 12:23 . 2008-03-24 12:23 <REP> d-------- C:\Program Files\Sysmnt
2008-03-24 12:23 . 2008-03-24 12:23 <REP> d-------- C:\Program Files\stc
2008-03-24 12:23 . 2008-03-24 12:23 <REP> d-------- C:\Program Files\180search assistant
2008-03-24 12:08 . 2008-03-24 12:08 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-03-22 06:38 . 2008-03-23 19:36 119,808 --a------ C:\WINDOWS\system32\CxEvtSvc.exe
2008-03-11 06:56 . 2008-03-21 13:14 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-11 06:56 . 2008-03-16 08:50 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 11:49 --------- d-----w C:\Program Files\Wanadoo
2008-03-28 20:54 --------- d-----w C:\Program Files\emule
2008-03-28 15:03 --------- d-----w C:\Program Files\Winamp
2008-03-25 05:37 94,208 ----a-w C:\WINDOWS\system32\bgrsjofq.exe
2008-03-24 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-24 11:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-24 11:25 --------- d-----w C:\Documents and Settings\julien\Application Data\uTorrent
2008-03-24 00:11 --------- d-----w C:\Program Files\uTorrent
2008-03-23 20:12 --------- d-----w C:\Documents and Settings\julien\Application Data\Canon
2008-03-14 15:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-09 15:48 --------- d-----w C:\Documents and Settings\patrick\Application Data\Canon
2008-03-05 20:04 --------- d-----w C:\Program Files\QuickZip4
2008-03-04 15:22 4,848 ----a-w C:\Documents and Settings\patrick\Application Data\wklnhst.dat
2008-02-16 20:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 14:20 --------- d-----w C:\Program Files\CamStudio
2008-01-30 13:55 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Suite
2008-01-28 21:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-06-20 20:38 254 ----a-w C:\Documents and Settings\viviane\Application Data\wklnhst.dat
2006-12-05 16:27 656 ----a-w C:\Documents and Settings\julien\Application Data\wklnhst.dat
2006-06-28 16:12 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-05-11 21:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"WebCamRT.exe"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 07:09 68856]
"hjzulvsh"="C:\WINDOWS\system32\kjoxolaf.exe" [2008-03-26 16:21 94208]
"gqqzduyk"="C:\WINDOWS\system32\zknirurm.exe" [2008-03-27 20:33 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-07-20 20:07 7110656]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-06-21 18:14 35328]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"SsAAD.exe"="C:\DOCUME~1\julien\MESDOC~1\sony\SsAAD.exe" [2005-06-03 07:16 81920]
"SoundMan"="SOUNDMAN.EXE" [2005-07-22 14:00 81920 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]
"QuickFinder Scheduler"="c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE" [1996-06-28 07:01 46080]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-02-20 20:01 49152]
"nwiz"="nwiz.exe" [2005-07-20 20:07 1519616 C:\WINDOWS\system32\nwiz.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"MessagerStarter Wanadoo"="C:\PROGRA~1\MESSAG~1\StartMessager.exe" [2003-04-04 16:47 32768]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58 278528]
"DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2006-11-20 12:24 863744]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 22:12 49152]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-05 13:00 160768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\patrick\Menu D‚marrer\Programmes\D‚marrage\
PerfectPrint.LNK - C:\Corel\Office7\Shared\PFit7\PFPPOP70.EXE [2005-11-26 22:20:56 282624]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe [2005-08-24 13:06:54 577597]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-11-26 19:23:13 954475]
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-11 23:49:24 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 22:23:26 282624]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 20:05:26 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-11-27 16:42:17 169472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 17:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Wanadoo\\WOOBrowser\\WOOBrowser.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Documents and Settings\\All Users\\Documents\\Pro Evolution Soccer 2008\\PES2008.exe"=

S2 CxEvtSvc;CxEvtSvc;C:\WINDOWS\System32\CxEvtSvc.exe [2008-03-23 19:36]
S2 grande48;grande48;C:\WINDOWS\system32\drivers\grande48.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-28 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 12:58:07
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-29 12:58:48
ComboFix-quarantined-files.txt 2008-03-29 11:58:35
ComboFix2.txt 2008-03-27 19:27:54
Pre-Run: 112,926,875,648 octets libres
Post-Run: 112,912,367,616 octets libres
.
2008-03-12 07:45:52 --- E O F ---
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 11
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
ok, fais ce qui est indiqué ici stp :

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++
0
thegunner33 Messages postés 42 Statut Membre
 
voila le rapport de AVG, je sais pas si il t'interesse ou pas. En tt cas j'ai tt supprimé.

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:03:34 29/03/2008

+ Résultat de l'analyse:



C:\Program Files\180search assistant -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180search assistant\180sa.exe -> Adware.180Solutions : Aucune action entreprise.
C:\Program Files\180search assistant\sau.exe -> Adware.180Solutions : Aucune action entreprise.
HKU\S-1-5-21-677497623-3201547191-3182617325-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Aucune action entreprise.
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.m : Aucune action entreprise.
C:\Documents and Settings\patrick\Cookies\patrick@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\patrick\Cookies\patrick@atdmt[1].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.9:C:\Documents and Settings\patrick\Application Data\Mozilla\Firefox\Profiles\45flvd8x.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.


Fin du rapport
0
thegunner33 Messages postés 42 Statut Membre > thegunner33 Messages postés 42 Statut Membre
 
voila maintenant le rapport de bitdefender:

BitDefender Online Scanner



Scan report generated at: Sat, Mar 29, 2008 - 16:19:51





Scan path: A:\;C:\;I:\;







Statistics

Time
01:08:23

Files
343512

Folders
10011

Boot Sectors
2

Archives
11885

Packed Files
11444




Results

Identified Viruses
7

Infected Files
32

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
32




Engines Info

Virus Definitions
1051869

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
41

Unpack plugins
7

E-mail plugins
6

System plugins
5




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\All Users\Application Data\zsbgtcrg\vyrgncxo.exe
Infected with: Trojan.Obfuscated.JP

C:\Documents and Settings\All Users\Application Data\zsbgtcrg\vyrgncxo.exe
Deleted

C:\Documents and Settings\LocalService\Application Data\1001199737.exe
Infected with: Trojan.Spy.XVI

C:\Documents and Settings\LocalService\Application Data\1001199737.exe
Deleted

C:\Documents and Settings\LocalService\Application Data\1028988697.exe
Infected with: Trojan.Spy.XVI

C:\Documents and Settings\LocalService\Application Data\1028988697.exe
Deleted

C:\Documents and Settings\LocalService\Application Data\1047274356.exe
Infected with: Trojan.Spy.XVI

C:\Documents and Settings\LocalService\Application Data\1047274356.exe
Deleted

C:\Documents and Settings\LocalService\Application Data\1249072019.exe
Infected with: Trojan.Agent.AHNF

C:\Documents and Settings\LocalService\Application Data\1249072019.exe
Disinfection failed

C:\Documents and Settings\LocalService\Application Data\1249072019.exe
Deleted

C:\Documents and Settings\LocalService\Application Data\890819680.exe
Infected with: Trojan.Agent.AHNF

C:\Documents and Settings\LocalService\Application Data\890819680.exe
Disinfection failed

C:\Documents and Settings\LocalService\Application Data\890819680.exe
Deleted

C:\Documents and Settings\LocalService\Application Data\937429316.exe
Infected with: Trojan.Spy.XVI

C:\Documents and Settings\LocalService\Application Data\937429316.exe
Deleted

C:\Documents and Settings\LocalService\Application Data\951520419.exe
Infected with: Trojan.Agent.AHNF

C:\Documents and Settings\LocalService\Application Data\951520419.exe
Disinfection failed

C:\Documents and Settings\LocalService\Application Data\951520419.exe
Deleted

C:\Documents and Settings\LocalService\Application Data\961089257.exe
Infected with: Trojan.Agent.AHNF

C:\Documents and Settings\LocalService\Application Data\961089257.exe
Disinfection failed

C:\Documents and Settings\LocalService\Application Data\961089257.exe
Deleted

C:\Documents and Settings\LocalService\Application Data\975573598.exe
Infected with: Trojan.Agent.AHNF

C:\Documents and Settings\LocalService\Application Data\975573598.exe
Disinfection failed

C:\Documents and Settings\LocalService\Application Data\975573598.exe
Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006
Detected with: Adware.Navipromo.AO

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0006
Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)
Update failed

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0015=>(NSIS g)=>lzma_solid_nsis0002
Detected with: Adware.Navipromo.AO

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0015=>(NSIS g)=>lzma_solid_nsis0002
Deleted

C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0015=>(NSIS g)
Update failed

C:\QooBox\Quarantine\C\WINDOWS\system32\sft.res.vir
Infected with: Trojan.FakeAlert.QC

C:\QooBox\Quarantine\C\WINDOWS\system32\sft.res.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\sft.res.vir
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP682\A0253506.exe
Infected with: Trojan.Agent.AHNF

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP682\A0253506.exe
Disinfection failed

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP682\A0253506.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP682\A0253537.exe
Infected with: Trojan.Spy.XVI

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP682\A0253537.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP683\A0253597.exe
Infected with: Trojan.Spy.XVI

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP683\A0253597.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP684\A0253625.exe
Infected with: Trojan.Spy.XVI

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP684\A0253625.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP684\A0254548.exe
Infected with: Trojan.Agent.AHNF

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP684\A0254548.exe
Disinfection failed

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP684\A0254548.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP684\A0254551.exe
Infected with: Trojan.Spy.XVI

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP684\A0254551.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP686\A0254886.exe
Infected with: Trojan.Renos.NBQ

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP686\A0254886.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256711.exe
Infected with: Trojan.Obfuscated.JP

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256711.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256712.exe
Infected with: Trojan.Spy.XVI

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256712.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256713.exe
Infected with: Trojan.Spy.XVI

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256713.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256714.exe
Infected with: Trojan.Spy.XVI

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256714.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256715.exe
Infected with: Trojan.Agent.AHNF

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256715.exe
Disinfection failed

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256715.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256716.exe
Infected with: Trojan.Agent.AHNF

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256716.exe
Disinfection failed

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256716.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256717.exe
Infected with: Trojan.Spy.XVI

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256717.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256718.exe
Infected with: Trojan.Agent.AHNF

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256718.exe
Disinfection failed

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256718.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256719.exe
Infected with: Trojan.Agent.AHNF

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256719.exe
Disinfection failed

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256719.exe
Deleted

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256720.exe
Infected with: Trojan.Agent.AHNF

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256720.exe
Disinfection failed

C:\System Volume Information\_restore{7E13FAC9-F916-4265-968A-F473B6F6FB07}\RP690\A0256720.exe
Deleted

C:\WINDOWS\system32\bgrsjofq.exe
Infected with: Trojan.Vundo.EFC

C:\WINDOWS\system32\bgrsjofq.exe
Deleted

C:\WINDOWS\system32\CxEvtSvc.exe
Infected with: Trojan.Spy.XVI

C:\WINDOWS\system32\CxEvtSvc.exe
Deleted
0
Réponse 6 / 11
thegunner33 Messages postés 42 Statut Membre
 
et voila le nouveau hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:33, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\DOCUME~1\julien\MESDOC~1\sony\SsAAD.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\kjoxolaf.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\julien\MESDOC~1\sony\SsAAD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [hjzulvsh] C:\WINDOWS\system32\kjoxolaf.exe
O4 - HKCU\..\Run: [gqqzduyk] C:\WINDOWS\system32\zknirurm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Program Files\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: CxEvtSvc - Unknown owner - C:\WINDOWS\System32\CxEvtSvc.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
0
Réponse 7 / 11
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
salut

ok, où en sont tes soucis à présent ??

++
0
thegunner33 Messages postés 42 Statut Membre
 
salut,

Apparement le spyware n'est plus la. Je te tiens au courant so il revient. En tt cas, merci pr tt!!!
0
Réponse 8 / 11
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Ok, encore quelques manips :

* Faire un clic droit sur ce lien : http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
* Enregistrez la cible (du lien) sous... et enregistrez-le sur le bureau.
* Faire un clic droit sur navilog1.zip et choisir "tout extraire"
* Double-cliquez sur navilog1.exe
* Arriver au menu principal, choisir l'option 1 et valider.
* Patientez jusqu'au message : Analyse Termine le ...
* Le rapport sera en outre sauvegardé à la racine du disque (fixnavi.txt)

==> poste le stp

++
0
thegunner33 Messages postés 42 Statut Membre
 
salut,
bon fausse joie, il doit rester tt de meme qq chose, ar j'ai des fenetre imitant windows qui me disent que j'ai qq chose dans le pc.
Voila le rapport que tu m'a demandé:

Search Navipromo version 3.5.2 commencé le 01/04/2008 à 19:37:07,39

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "julien"

Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\julien\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\julien\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\julien\menudm~1\progra~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\julien\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\patrick\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\viviane\locals~1\applic~1" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\julien\locals~1\applic~1" :


* Dans "C:\DOCUME~1\patrick\locals~1\applic~1" :


* Dans "C:\DOCUME~1\viviane\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 01/04/2008 à 19:48:27,56 ***
0
Réponse 9 / 11
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

télécharge OTMoveIt (de Old_Timer) sur ton Bureau :
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\kjoxolaf.exe
C:\WINDOWS\system32\zknirurm.exe
C:\WINDOWS\System32\CxEvtSvc.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.
si c'est le cas accepte par Yes.

ensuite :

Relance HijackThis : choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked" :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp

O23 - Service: CxEvtSvc - Unknown owner - C:\WINDOWS\System32\CxEvtSvc.exe (file missing)

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\DOCUME~1\julien\MESDOC~1\sony\SsAAD.exe

O4 - HKLM\..\Run: [QuickFinder Scheduler] c:\Corel\Office7\Shared\QFinder7\QFSCHED.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [hjzulvsh] C:\WINDOWS\system32\kjoxolaf.exe
O4 - HKCU\..\Run: [gqqzduyk] C:\WINDOWS\system32\zknirurm.exe
O4 - Global Startup: BTTray.lnk = ?

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

et enfin, passe ccleaner et poste un nouveau hijack stp

++
0
thegunner33 Messages postés 42 Statut Membre
 
voila le rapport de otmoveit:

C:\WINDOWS\system32\kjoxolaf.exe moved successfully.
C:\WINDOWS\system32\zknirurm.exe moved successfully.
File/Folder C:\WINDOWS\System32\CxEvtSvc.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 04012008_202125
0
thegunner33 Messages postés 42 Statut Membre > thegunner33 Messages postés 42 Statut Membre
 
voila le rapport hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:58, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with TrueDownloader! - C:\Program Files\TrueDownloader\TrueDownloader.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
0
Réponse 10 / 11
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Très bien ! du nouveau ??

++
0
thegunner33 Messages postés 42 Statut Membre
 
salut,
je viens te remercier, je pense qu'il n'y a plus rien, je n'ai plus une seule page qui s'affiche, et mon ordi ne bugg pas. Donc je te remercie encore pr tt le temps passé à me sortir de ce pétrin!

Bonne continuation!!!
0
Réponse 11 / 11
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité 2 163
 
Salut

pas d'quoi ! ;-)

il ne te manque plus qu'à installer un parefeu et tout sera ok !

voir ici : http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet

@+
0

Discussions similaires

Trojan Win32 generic
yelena94 -
yelena94 -

27 réponses
Infection par Trojan.Win32.Bazon.a
Capdec -
Capdec -

16 réponses
PDM:Trojan.generic.win32 depuis 2 jours
CTF05 -
Malekal_morte- -

5 réponses
C'est quoi "Win32:Trojan-gen {Other}"
Uzumaki -
Utilisateur anonyme -

5 réponses
Trojan.Win32.Hosts2.gen
matthieugoua -
afideg -

38 réponses