Sujet Précédent Sujet Suivant

Problemesvista antivirus 2008 et autres m....

Fermé
KIAORANA - 2 août 2008 à 10:02
 Utilisateur anonyme - 2 août 2008 à 17:16
Bonjour,


grosse infection!!!!!!!avec antivirus "vista antivirus2008" et maintenant antivrus 2009 orange en plus

j'ai essayé restauration du systeme comme consellé mais pas de resultats......puis avec gestionnaire des taches en arretant
le processus! mais ça revient a chaque demarrage c'est l'enfer!!

j'ai norton antivirus et antivir personnal edition classic mais j'ai du cliquer sur un mauvais truc en anglais sans doutes

merci de m'apporter un peu d'aide.....
A voir également:

6 réponses

Réponse 1 / 6
Utilisateur anonyme
2 août 2008 à 10:06
Salut,


Télécharge HijackThis ici :

-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

-> Clique sur Install ensuite sur I Accept

-> Clique sur Do a scan system and save log file

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

-> Si soucis :

Tutoriel d´instalation :

-> https://forums.cnetfrance.fr

Tutoriel d´utilisation :

-> https://forums.cnetfrance.fr
0
KIAORANA
2 août 2008 à 10:34
a chiquitine 29
as tu reçu le rapport?
Je ne suis pas un pro ......et la connection saute sans arret!!!
0
Réponse 2 / 6
KIAORANA
2 août 2008 à 10:18
MERCI pour ton aide rapide
je t'envoie le rapportLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:07, on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Documents and Settings\MICHEL\Bureau\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\MICHEL\Bureau\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Documents and Settings\MICHEL\Mes documents\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=gb&toHttps=1&redig=8A9AF5782DED48D3BBE4F9D507903CD2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=gb&toHttps=1&redig=8A9AF5782DED48D3BBE4F9D507903CD2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=gb&toHttps=1&redig=8A9AF5782DED48D3BBE4F9D507903CD2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\MICHEL\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Run: [e8c34cf4] rundll32.exe "C:\WINDOWS\system32\vqgxrfhy.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Documents and Settings\MICHEL\Mes documents\SetPoint\SetPoint.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: utjvyt.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\MICHEL\Bureau\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
0
Réponse 3 / 6
Utilisateur anonyme
2 août 2008 à 10:35
Telecharge malwarebytes

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

0
kiaorana
2 août 2008 à 12:16
je post donc le rapport malwarebytes

j'ai bien suivi ton processus


et redemarre l'ordi

malheureusement vista antivirus est toujours la!!!!!!

quelle peste!!!!!!!!!
Version de la base de données: 1015
Windows 5.1.2600 Service Pack 2

11:55:29 02/08/2008
mbam-log-8-2-2008 (11-55-29).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 95077
Temps écoulé: 25 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 59
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 15
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 79

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\vqgxrfhy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnnLEVP.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUmnMFv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\utjvyt.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3015f26b-b1bc-4525-bb73-230de46f2088} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3015f26b-b1bc-4525-bb73-230de46f2088} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb809b0e-c9a8-4f52-b2f4-5a7ac1ee97f8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cb809b0e-c9a8-4f52-b2f4-5a7ac1ee97f8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{313907d9-4a98-43bd-bdd6-020bc0b5fb0c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{313907d9-4a98-43bd-bdd6-020bc0b5fb0c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvumnmfv (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{1d3f4979-14f0-4344-95f9-d019c75ed669} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1deac6d1-27b1-4804-8309-86f80e64d91f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{21ee18cf-e24c-4ad8-a279-c34eeb5f18a9} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{22489f95-aa2e-4dfe-a00c-4f5d0dfdafd6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{273582f0-3c1e-4bfc-b2a4-8348ae47f717} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{27491041-2ccb-4a37-9297-fb84134ecad4} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{464b2a01-eb39-4cf6-b6bb-6262776b79da} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{60ddd776-bd47-421a-9b75-c5965c1aaeb3} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c2ad1f2-670f-4096-9cf5-6fbea48d2e38} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a45c94f8-e114-48eb-84c9-de1b871e1a3a} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b48f25a0-49a8-46ae-b506-a789f8e91a51} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d3f81c5a-3a2d-464c-b617-289495ae52dd} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e6bc961e-2230-4a37-b7dc-f311773c7dbe} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f8681e4a-3b1b-46c5-9a0e-e4bdcd240a92} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fa08d9ec-0c7b-4c37-8d7a-e7837b997e90} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc51ded7-d056-45e5-a4ff-a308e2decfa5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9f99fd1a-5c53-4b82-981a-92a0f587d59b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45C2FDBE-1D46-B98E-F9A9-9D44B93A9D52} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{02910a3c-5d77-4a3e-8a13-fdf81ac7fecd} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0485b9a3-61d4-40a9-82ee-5b8b6bd51a58} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{29143580-a3e7-4afb-a8ef-b88f3b56c5a3} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3eb2d5e5-ab7c-46db-950e-878cf812aa1c} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5caeb087-af31-494d-842d-39cf1c7adade} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5df8c005-6e2e-4bd6-a765-304a8e550ece} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{60659361-1c5f-4fa7-aeb0-f39df2547122} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6a97a178-3e84-45af-8f28-982c22e9a49d} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7d9351b3-4ebe-4f8f-981e-9af90ba99f54} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7e22e1d0-5af8-4fb8-a635-bd31b3308c71} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{821a05ed-bb06-4444-a1e0-f0ab21ff626d} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{886bacae-e094-4bde-912e-99c3a3ddd122} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8f290589-db12-447f-8f38-d24653ce9f13} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bad16ee0-5134-4dc2-bd33-46a557c93d36} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ec6671fe-7062-4f26-8383-4b887c4cb50b} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc8db863-22bc-4382-ac7a-96fabfd95bb8} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e9d2f33-4585-4404-aa57-15b2b03707f4} (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmotoolbar.seekmotoolband (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b3a2ecda-1487-4e7b-815e-d91e43ac79dc} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aa06de54-7b8a-4366-9209-d1fa2fd5e680} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53e0b6e8-a51d-448b-b692-40b67b285543} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmotoolbar.seekmotoolband.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmotoolbar.seekmotoolband (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmotoolbar.seekmotoolband.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Security Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Messenger Service (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e8c34cf4 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{313907d9-4a98-43bd-bdd6-020bc0b5fb0c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\user32.dll (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnlevp -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnnlevp -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger) -> Data: kdgqh.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{79547e28-2e9d-41d7-a68c-2da2c123e5fe}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b3c56301-6785-4911-8c74-1662b231ca96}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d12d1c50-0eb2-4ffb-a73c-613e396b1151}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fa15015a-6a74-4e9a-99d0-ff9c2b0ea64c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{79547e28-2e9d-41d7-a68c-2da2c123e5fe}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b3c56301-6785-4911-8c74-1662b231ca96}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d12d1c50-0eb2-4ffb-a73c-613e396b1151}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fa15015a-6a74-4e9a-99d0-ff9c2b0ea64c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{79547e28-2e9d-41d7-a68c-2da2c123e5fe}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b3c56301-6785-4911-8c74-1662b231ca96}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{d12d1c50-0eb2-4ffb-a73c-613e396b1151}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{fa15015a-6a74-4e9a-99d0-ff9c2b0ea64c}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.67,85.255.112.140 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\SpyLocked 4.1 (Rogue.SpywareLocked) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\VirusProtectPro 3.4 (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
C:\Program Files\PestTrap (Rogue.Pesttrap) -> Quarantined and deleted successfully.
C:\Program Files\Video ActiveX Access (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\pmnnLEVP.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\PVELnnmp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PVELnnmp.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utjvyt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vqgxrfhy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yhfrxgqv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUmnMFv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kdgqh.exe (Rootkit.DNSChanger) -> Delete on reboot.
C:\Program Files\SpyLocked 4.1\SpyLocked 4.1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\VirusProtectPro 3.4\VirusProtectPro 3.4.exe (Rogue.VirusProtectPro) -> Quarantined and deleted successfully.
C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys4AC.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys4AD.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys4AE.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys4AF.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sys4B0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wfjwcgyg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xqteby.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tcthmrkp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gploba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\klyahlfy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lxesbc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xubvhcde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJApOEX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Local Settings\Temp\lwpwer.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Local Settings\Temporary Internet Files\Content.IE5\GO2RYQP1\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Local Settings\Temporary Internet Files\Content.IE5\S0GW5NTI\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Local Settings\Temporary Internet Files\Content.IE5\S0GW5NTI\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Local Settings\Temporary Internet Files\Content.IE5\3J4BI7O2\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Application Data\winantiviruspro2006freeinstall_fr[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP291\A0133593.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP291\A0133594.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP291\A0133595.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP291\A0133596.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP291\A0133597.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP293\A0133609.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP294\A0134609.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP294\A0135628.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP296\A0137654.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP296\A0137655.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP296\A0137656.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP296\A0137665.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP296\A0137667.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP296\A0137668.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP296\A0137670.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP296\A0137671.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP296\A0137672.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP296\A0137673.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP299\A0137692.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP299\A0137693.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B1466EAC-89E6-4113-8318-5CBE65A93609}\RP301\A0141757.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Program Files\PestTrap\Uninstall.exe (Rogue.Pesttrap) -> Quarantined and deleted successfully.
C:\Program Files\Video ActiveX Access\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video ActiveX Access\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Bureau\FREE P0RN.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Bureau\NUDE GIRLS.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Bureau\Vista Antivirus 2008.lnk (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\MICHEL\Local Settings\Temp\software.php (Trojan.FakeAlert) -> Quarantined and deleted successfull
0
Réponse 4 / 6
Utilisateur anonyme
2 août 2008 à 12:19
réouvre malewarebyte
va sur quarantaine
supprime tout


Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe




-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

0
KIAORANA
2 août 2008 à 13:38
ci joint le rapport de combofix
wowwwwwwwwwww ça n'a pas l'air simple de se debarrasser de cette m;;;;

merci encore de ton aide


ComboFix 08-08-01.03 - MICHEL 2008-08-02 13:20:41.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.180 [GMT 2:00]
Endroit: C:\Documents and Settings\MICHEL\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-02 to 2008-08-02 ))))))))))))))))))))))))))))))))))))
.

2008-08-02 11:22 . 2008-08-02 11:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-02 11:22 . 2008-08-02 11:22 <REP> d-------- C:\Documents and Settings\MICHEL\Application Data\Malwarebytes
2008-08-02 11:22 . 2008-08-02 11:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-02 11:22 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-02 11:22 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-02 10:13 . 2008-08-02 10:13 <REP> d-------- C:\Program Files\Trend Micro
2008-08-01 22:52 . 2008-08-01 22:52 129,920 --------- C:\WINDOWS\system32\utjvyt.dll
2008-07-31 07:52 . 2008-07-31 07:52 <REP> d--hs---- C:\FOUND.020
2008-07-30 23:50 . 2008-07-30 23:50 268 --ah----- C:\sqmdata18.sqm
2008-07-30 23:50 . 2008-07-30 23:50 244 --ah----- C:\sqmnoopt18.sqm
2008-07-30 23:14 . 2008-07-30 23:14 268 --ah----- C:\sqmdata17.sqm
2008-07-30 23:14 . 2008-07-30 23:14 244 --ah----- C:\sqmnoopt17.sqm
2008-07-30 22:57 . 2008-07-30 22:57 268 --ah----- C:\sqmdata16.sqm
2008-07-30 22:57 . 2008-07-30 22:57 244 --ah----- C:\sqmnoopt16.sqm
2008-07-30 22:51 . 2008-07-30 22:51 268 --ah----- C:\sqmdata15.sqm
2008-07-30 22:51 . 2008-07-30 22:51 244 --ah----- C:\sqmnoopt15.sqm
2008-07-30 22:42 . 2008-07-30 22:42 268 --ah----- C:\sqmdata14.sqm
2008-07-30 22:42 . 2008-07-30 22:42 244 --ah----- C:\sqmnoopt14.sqm
2008-07-30 22:32 . 2008-07-30 22:32 <REP> d--hs---- C:\FOUND.019
2008-07-30 22:16 . 2008-07-30 22:16 <REP> d--hs---- C:\FOUND.018
2008-07-30 22:03 . 2008-07-30 22:03 268 --ah----- C:\sqmdata13.sqm
2008-07-30 22:03 . 2008-07-30 22:03 244 --ah----- C:\sqmnoopt13.sqm
2008-07-29 00:00 . 2008-07-29 00:00 268 --ah----- C:\sqmdata12.sqm
2008-07-29 00:00 . 2008-07-29 00:00 244 --ah----- C:\sqmnoopt12.sqm
2008-07-07 23:59 . 2008-07-07 23:59 268 --ah----- C:\sqmdata11.sqm
2008-07-07 23:59 . 2008-07-07 23:59 244 --ah----- C:\sqmnoopt11.sqm
2008-07-06 23:19 . 2008-07-06 23:19 268 --ah----- C:\sqmdata10.sqm
2008-07-06 23:19 . 2008-07-06 23:19 244 --ah----- C:\sqmnoopt10.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 06:24 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-23 06:23 --------- d-----w C:\Program Files\Windows Live
2008-06-23 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2006-07-15 23:58 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"LDM"="C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-09 22:06 67128]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [2004-08-23 15:50 122880]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-12-30 17:34 214456]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 20:48 68856]
"MSMSGS"="C:\Program Files\Messenger\Msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-08-28 20:30 102400]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54 172032]
"NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2005-06-09 11:50 765952]
"Wireless Console 2"="C:\Program Files\ASUS\Wireless Console 2\wcourier.exe" [2005-08-23 13:45 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-18 19:07 737369]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-08-28 06:22 58488]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [2004-08-18 05:36 132248]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-08-31 09:29 33936]
"SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-06 00:23 218240]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-05 21:05 344064]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55 81920]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 13:12 135168]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:12 53248]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 15:49 20480]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-29 18:37 249896]
"!AVG Anti-Spyware"="C:\Documents and Settings\MICHEL\Bureau\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"SMSERIAL"="sm56hlpr.exe" [2005-05-26 16:12 544768 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-12 19:37 14679552 C:\WINDOWS\RTHDCPL.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 13:01 28160 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2005-11-18 11:55:43 32768]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 13:42:22 45056]
Logitech SetPoint.lnk - C:\Documents and Settings\MICHEL\Mes documents\SetPoint\SetPoint.exe [2006-07-17 13:41:50 438272]
Logitech Desktop Messenger.lnk - C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-05-09 22:06:17 67128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=utjvyt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"spmgr"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
"ITECIRService"=2 (0x2)
"ISSVC"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"ATKKeyboardService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ASWLSVC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Documents and Settings\\MICHEL\\Mes documents\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 15:03]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 09:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 09:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 09:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 09:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 09:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 09:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 09:55]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-11-02 12:53]
S4 ITECIRService;ITE Remote Control Service;C:\WINDOWS\system32\RemoteControlService.exe [2005-05-16 14:09]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2005-11-18 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 17:26]

2008-08-02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 -: { - C:\Program Files\Messenger\msmsgs.exe
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 13:21:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-02 13:22:20
ComboFix-quarantined-files.txt 2008-08-02 11:22:20
ComboFix2.txt 2008-08-02 11:07:32

Pre-Run: 28,593,618,944 octets libres
Post-Run: 28,589,326,336 octets libres

191 --- E O F --- 2008-07-15 09:49:45
0
KIAORANA
2 août 2008 à 13:43
ComboFix 08-08-01.03 - MICHEL 2008-08-02 13:20:41.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.180 [GMT 2:00]
Endroit: C:\Documents and Settings\MICHEL\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-02 to 2008-08-02 ))))))))))))))))))))))))))))))))))))
.

2008-08-02 11:22 . 2008-08-02 11:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-02 11:22 . 2008-08-02 11:22 <REP> d-------- C:\Documents and Settings\MICHEL\Application Data\Malwarebytes
2008-08-02 11:22 . 2008-08-02 11:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-02 11:22 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-02 11:22 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-02 10:13 . 2008-08-02 10:13 <REP> d-------- C:\Program Files\Trend Micro
2008-08-01 22:52 . 2008-08-01 22:52 129,920 --------- C:\WINDOWS\system32\utjvyt.dll
2008-07-31 07:52 . 2008-07-31 07:52 <REP> d--hs---- C:\FOUND.020
2008-07-30 23:50 . 2008-07-30 23:50 268 --ah----- C:\sqmdata18.sqm
2008-07-30 23:50 . 2008-07-30 23:50 244 --ah----- C:\sqmnoopt18.sqm
2008-07-30 23:14 . 2008-07-30 23:14 268 --ah----- C:\sqmdata17.sqm
2008-07-30 23:14 . 2008-07-30 23:14 244 --ah----- C:\sqmnoopt17.sqm
2008-07-30 22:57 . 2008-07-30 22:57 268 --ah----- C:\sqmdata16.sqm
2008-07-30 22:57 . 2008-07-30 22:57 244 --ah----- C:\sqmnoopt16.sqm
2008-07-30 22:51 . 2008-07-30 22:51 268 --ah----- C:\sqmdata15.sqm
2008-07-30 22:51 . 2008-07-30 22:51 244 --ah----- C:\sqmnoopt15.sqm
2008-07-30 22:42 . 2008-07-30 22:42 268 --ah----- C:\sqmdata14.sqm
2008-07-30 22:42 . 2008-07-30 22:42 244 --ah----- C:\sqmnoopt14.sqm
2008-07-30 22:32 . 2008-07-30 22:32 <REP> d--hs---- C:\FOUND.019
2008-07-30 22:16 . 2008-07-30 22:16 <REP> d--hs---- C:\FOUND.018
2008-07-30 22:03 . 2008-07-30 22:03 268 --ah----- C:\sqmdata13.sqm
2008-07-30 22:03 . 2008-07-30 22:03 244 --ah----- C:\sqmnoopt13.sqm
2008-07-29 00:00 . 2008-07-29 00:00 268 --ah----- C:\sqmdata12.sqm
2008-07-29 00:00 . 2008-07-29 00:00 244 --ah----- C:\sqmnoopt12.sqm
2008-07-07 23:59 . 2008-07-07 23:59 268 --ah----- C:\sqmdata11.sqm
2008-07-07 23:59 . 2008-07-07 23:59 244 --ah----- C:\sqmnoopt11.sqm
2008-07-06 23:19 . 2008-07-06 23:19 268 --ah----- C:\sqmdata10.sqm
2008-07-06 23:19 . 2008-07-06 23:19 244 --ah----- C:\sqmnoopt10.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 06:24 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-23 06:23 --------- d-----w C:\Program Files\Windows Live
2008-06-23 06:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2006-07-15 23:58 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"LDM"="C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-09 22:06 67128]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [2004-08-23 15:50 122880]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-12-30 17:34 214456]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-24 20:48 68856]
"MSMSGS"="C:\Program Files\Messenger\Msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-08-28 20:30 102400]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54 172032]
"NB Probe"="C:\Program Files\ASUS\NB Probe\NBProbe.exe" [2005-06-09 11:50 765952]
"Wireless Console 2"="C:\Program Files\ASUS\Wireless Console 2\wcourier.exe" [2005-08-23 13:45 987136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-18 19:07 737369]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-08-28 06:22 58488]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" [2004-08-18 05:36 132248]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-08-31 09:29 33936]
"SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-06 00:23 218240]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-05 21:05 344064]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55 81920]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-17 13:12 135168]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2006-01-17 13:12 53248]
"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2004-08-23 15:49 20480]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-29 18:37 249896]
"!AVG Anti-Spyware"="C:\Documents and Settings\MICHEL\Bureau\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"SMSERIAL"="sm56hlpr.exe" [2005-05-26 16:12 544768 C:\WINDOWS\sm56hlpr.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-12 19:37 14679552 C:\WINDOWS\RTHDCPL.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 13:01 28160 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2005-11-18 11:55:43 32768]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 13:42:22 45056]
Logitech SetPoint.lnk - C:\Documents and Settings\MICHEL\Mes documents\SetPoint\SetPoint.exe [2006-07-17 13:41:50 438272]
Logitech Desktop Messenger.lnk - C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-05-09 22:06:17 67128]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=utjvyt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"spmgr"=2 (0x2)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"navapsvc"=2 (0x2)
"ITECIRService"=2 (0x2)
"ISSVC"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"ATKKeyboardService"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"ASWLSVC"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Documents and Settings\\MICHEL\\Mes documents\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 15:03]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys [2004-07-06 19:56]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 09:55]
S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 09:55]
S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 09:55]
S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 09:55]
S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 09:55]
S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 09:55]
S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 09:55]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-11-02 12:53]
S4 ITECIRService;ITE Remote Control Service;C:\WINDOWS\system32\RemoteControlService.exe [2005-05-16 14:09]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2005-11-18 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-19 17:26]

2008-08-02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKLM-Main,Search Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 -: HKCU-SearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 -: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 -: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 -: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 -: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 -: { - C:\Program Files\Messenger\msmsgs.exe
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 13:21:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-02 13:22:20
ComboFix-quarantined-files.txt 2008-08-02 11:22:20
ComboFix2.txt 2008-08-02 11:07:32

Pre-Run: 28,593,618,944 octets libres
Post-Run: 28,589,326,336 octets libres

191 --- E O F --- 2008-07-15 09:49:45
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
Utilisateur anonyme
2 août 2008 à 13:43
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée
copie la ligne qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\utjvyt.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.


ensuite :


-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> L´installer.

-> Une fois installé et lancé :

Dans la colonne de gauche, click sur :

->"registre" :

Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.

ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

->"nettoyeur"

quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php


ensuite :


Télecharge et instal AVG anti spyware:

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware


instal le et met le a jours

ensuite lance le scan et supprime

puis poste le rapport sur le forum stp

Tuto : https://kerio.probb.fr/t387-tuto-avg-anti-spyware-anti-spyware

Qu est ce que les cookies : https://kerio.probb.fr/t161-qu-est-ce-qu-un-cookie-tracking-cookie

ici un méchant cookie :http://accel12.mettre-put-idata.over-blog.com/0/20/00/95/cookies_de_l__enfer_004-1.jpg -;)


ensuite refais un scan hijackthis et post le rapport
0
KIA0RANA
2 août 2008 à 14:11
VOILA LE RAPPORT OTMOVELT

MERCI de ton aide
0
kiaorana
2 août 2008 à 14:14
DllUnregisterServer procedure not found in C:\WINDOWS\system32\utjvyt.dll
C:\WINDOWS\system32\utjvyt.dll NOT unregistered.
C:\WINDOWS\system32\utjvyt.dll moved successfully.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08022008_140829

ci joint rapport je continue
0
KIAORANA
2 août 2008 à 17:10
ci joint dernier rapport hijack

j'ai suivi entierement la procedure et maintenant avg me dit que il n'y a rien a signaler.....
MAIS A VOIR AVEC DERNIER RAPPORT§§§§§

ENCORE MERCI;;;;;;;; Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:47, on 02/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Documents and Settings\MICHEL\Bureau\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Documents and Settings\MICHEL\Mes documents\SetPoint\SetPoint.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=gb&toHttps=1&redig=8A9AF5782DED48D3BBE4F9D507903CD2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\MICHEL\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Documents and Settings\MICHEL\Mes documents\SetPoint\SetPoint.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/fr/
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Documents and Settings\MICHEL\Mes documents\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: utjvyt.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\MICHEL\Bureau\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
0
Réponse 6 / 6
Utilisateur anonyme
2 août 2008 à 17:16
réouvre hijackthis
fais scan only
coches ces lignes :

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O20 - AppInit_DLLs: utjvyt.dll

et clic sur fix checked


ensuite :

* pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/

# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


je te propose ensuite de faire un scan avec antivir en mode sans echec


Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

-> Tuto :https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/






0

Discussions similaires

échec de l'analyse antivirus
StalkerShadows -
ness -

19 réponses
Echec analyse antivirus lors de téléchargement
mathelp_3935 -
Malekal_morte- -

19 réponses