Trojan

Closed
zibi - 26 August 2008 at 07:50
 Anonymous user - 26 August 2008 at 10:02
Hello,
I have a report on hand. Who can tell me what it implies?
Here is the report.


***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
26/08/2008 06:27:29: Trojan Remover has been restarted
C:\Program Files\NetMeeting\msmsgs - READ-ONLY, HIDDEN and SYSTEM file attributes removed
C:\Program Files\NetMeeting\msmsgs has been renamed to C:\Program Files\NetMeeting\msmsgs.vir
=======================================================
Removing the following registry keys:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350} - already removed
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350} - already removed
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[xydzyh] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\Indexingbox\[ImagePath] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\Office Source Engine Help\[ImagePath] - already deleted
=======================================================
26/08/2008 06:27:30: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 06:06:22 26 août 2008
Using Database v7112
Operating System: Windows XP SP2 [Windows XP Home Edition Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\NéPourDominé\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\NéPourDominé\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Nortons Anti-Virus

************************************************************

The regfile\shell\open\command Registry Key appears to have been modified.
The current Registry entry is: regedit.exe "%1" %*.
This entry calls the following file:
C:\WINDOWS\regedit.exe
Trojan Remover has restored the Registry regfile\shell\open key.
--------------------

************************************************************
06:06:47: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
06:06:47: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
06:06:47: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
06:06:50: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 12/01/2000
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 12/01/2000
Modified: 19/08/2004
Company: Microsoft Corporation
----------
File: C:\WINDOWS\system32\winsys16_061230.dll
C:\WINDOWS\system32\winsys16_061230.dll - file renamed to: C:\WINDOWS\system32\winsys16_061230.dll.vir
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 12/01/2000
Modified: 19/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: hpsysdrv
Value Data: c:\windows\system\hpsysdrv.exe
c:\windows\system\hpsysdrv.exe
52736 bytes
Created: 22/05/2002
Modified: 07/05/1998
Company: Hewlett-Packard Company
--------------------
Value Name: KBD
Value Data: C:\HP\KBD\KBD.EXE
C:\HP\KBD\KBD.EXE
61440 bytes
Created: 22/05/2002
Modified: 06/07/2001
Company: Hewlett-Packard Company
--------------------
Value Name: Recguard
Value Data: C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\SMINST\RECGUARD.EXE
212992 bytes
Created: 22/05/2002
Modified: 18/12/2001
Company:
--------------------
Value Name: dla
Value Data: C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
102455 bytes
Created: 22/05/2002
Modified: 09/05/2002
Company: VERITAS Software, Inc.
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxtray.exe
155648 bytes
Created: 27/03/2002
Modified: 27/03/2002
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hkcmd.exe
106496 bytes
Created: 27/03/2002
Modified: 27/03/2002
Company: Intel Corporation
--------------------
Value Name: PS2
Value Data: C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\ps2.exe
81920 bytes
Created: 22/05/2002
Modified: 03/07/2001
Company: Hewlett-Packard Company
--------------------
Value Name: NAV Agent
Value Data: c:\PROGRA~1\NORTON~1\navapw32.exe
c:\PROGRA~1\NORTON~1\navapw32.exe
75384 bytes
Created: 11/03/2002
Modified: 11/03/2002
Company: Symantec Corporation
--------------------
Value Name: Symantec NetDriver Monitor
Value Data: C:\PROGRA~1\SYMNET~1\SNDMon.exe
C:\PROGRA~1\SYMNET~1\SNDMon.exe
95960 bytes
Created: 12/01/2000
Modified: 12/01/2000
Company: Symantec Corporation
--------------------
Value Name: GPClientMonitor
Value Data: C:\Program Files\GalleryPlayer\Player\GPClientMonitor.exe
C:\Program Files\GalleryPlayer\Player\GPClientMonitor.exe
45056 bytes
Created: 06/08/2007
Modified: 06/08/2007
Company: GalleryPlayer, Inc.
--------------------
Value Name: GPDownloadManager
Value Data: C:\Program Files\GalleryPlayer\Player\GPDownloadManager.exe
C:\Program Files\GalleryPlayer\Player\GPDownloadManager.exe
163840 bytes
Created: 06/08/2007
Modified: 06/08/2007
Company: GalleryPlayer, Inc.
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
185896 bytes
Created: 29/01/2008
Modified: 03/02/2008
Company: RealNetworks, Inc.
--------------------
Value Name: EoEngine
Value Data:
Blank entry: []
--------------------
Value Name: EoWeather
Value Data:
Blank entry: []
--------------------
Value Name: ItsMedia
Value Data: "C:\Program Files\EoRezo\EoWeather\ItsEngine.exe"
C:\Program Files\EoRezo\EoWeather\ItsEngine.exe
1642496 bytes
Created: 07/02/2008
Modified: 11/07/2007
Company: Its Label
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 11/01/2008
Modified: 11/01/2008
Company: Adobe Systems Incorporated
--------------------
Value Name: BluetoothAuthenticationAgent
Value Data: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
C:\WINDOWS\system32\bthprops.cpl
110592 bytes
Created: 15/01/2000
Modified: 19/08/2004
Company: Microsoft Corporation
--------------------
Value Name: xydzyh
Value Data: C:\WINDOWS\system32\xydzyh.exe
C:\WINDOWS\system32\xydzyh.exe
-HS- 86528 bytes
Created: 25/04/2008
Modified: 16/04/2008
Company:
C:\WINDOWS\system32\xydzyh.exe - this registry value has been removed
C:\WINDOWS\system32\xydzyh.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\xydzyh.exe - HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\xydzyh.exe - file renamed to: C:\WINDOWS\system32\xydzyh.exe.vir
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 26/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1694208 bytes
Created: 10/05/2002
Modified: 13/10/2004
Company: Microsoft Corporation
--------------------
Value Name: Microsoft Works Update Detection
Value Data: C:\Program Files\Microsoft Works\WkDetect.exe
C:\Program Files\Microsoft Works\WkDetect.exe [file not found to scan]
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 03/02/2008
Modified: 03/02/2008
Company: Google Inc.
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
06:12:45: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
06:12:45: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
06:12:46: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
06:12:46: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
06:12:47: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: BthServ
Path: %SystemRoot%\System32\bthserv.dll
C:\WINDOWS\System32\bthserv.dll
30208 bytes
Created: 15/01/2000
Modified: 19/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
06:12:51: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AmdK7
ImagePath: System32\DRIVERS\amdk7.sys
C:\WINDOWS\System32\DRIVERS\amdk7.sys
41600 bytes
Created: 15/01/2000
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: BthEnum
ImagePath: system32\DRIVERS\BthEnum.sys
C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17024 bytes
Created: 15/01/2000
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: BTHMODEM
ImagePath: system32\DRIVERS\bthmodem.sys
C:\WINDOWS\system32\DRIVERS\bthmodem.sys
38016 bytes
Created: 15/01/2000
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: BthPan
ImagePath: system32\DRIVERS\bthpan.sys
C:\WINDOWS\system32\DRIVERS\bthpan.sys
100992 bytes
Created: 15/01/2000
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: BTHPORT
ImagePath: System32\Drivers\BTHport.sys
C:\WINDOWS\System32\Drivers\BTHport.sys
272768 bytes
Created: 15/01/2000
Modified: 14/06/2008
Company: Microsoft Corporation
----------
Key: BTHUSB
ImagePath: System32\Drivers\BTHUSB.sys
C:\WINDOWS\System32\Drivers\BTHUSB.sys
18944 bytes
Created: 15/01/2000
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: drvmcdb
ImagePath: system32\drivers\drvmcdb.sys
C:\WINDOWS\system32\drivers\drvmcdb.sys
78048 bytes
Created: 22/05/2002
Modified: 15/02/2002
Company: VERITAS Software, Inc.
----------
Key: drvnddm
ImagePath: system32\drivers\drvnddm.sys
C:\WINDOWS\system32\drivers\drvnddm.sys
40096 bytes
Created: 22/05/2002
Modified: 12/02/2002
Company: VERITAS Software, Inc.
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138680 bytes
Created: 29/01/2008
Modified: 07/02/2008
Company: Google
----------
Key: ialm
ImagePath: System32\DRIVERS\ialmnt5.sys
C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
77277 bytes
Created: 05/04/2002
Modified: 05/04/2002
Company: Intel Corporation
----------
Key: Indexingbox
ImagePath: %WINDIR%\system\realsvc.exe
C:\WINDOWS\system\realsvc.exe
141333 bytes
Created: 25/04/2008
Modified: 16/04/2008
Company:
C:\WINDOWS\system\realsvc.exe appears to contain: TROJAN.DOWNLOADER
C:\WINDOWS\system\realsvc.exe - this registry value has been removed
C:\WINDOWS\system\realsvc.exe - process is either not running or could not be terminated
C:\WINDOWS\system\realsvc.exe - file renamed to: C:\WINDOWS\system\realsvc.exe.vir
----------
Key: LexBceS
ImagePath: C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXBCES.EXE
303104 bytes
Created: 11/02/2002
Modified: 11/02/2002
Company: Lexmark International, Inc.
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 25/05/2002
Modified: 18/08/2001
Company: Microsoft Corporation
----------
Key: NAVAP
ImagePath: \??\C:\WINDOWS\System32\Drivers\NAVAP.SYS
C:\WINDOWS\System32\Drivers\NAVAP.SYS
183872 bytes
Created: 08/12/2001
Modified: 08/12/2001
Company: Symantec Corporation
----------
Key: navapsvc
ImagePath: c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
116344 bytes
Created: 11/03/2002
Modified: 11/03/2002
Company: Symantec Corporation
----------
Key: NAVENG
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080215.021\NAVENG.Sys
C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080215.021\NAVENG.Sys
82256 bytes
Created: 19/02/2008
Modified: 15/02/2008
Company: Symantec Corporation
----------
Key: NAVEX15
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080215.021\NavEx15.Sys
C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080215.021\NavEx15.Sys
895312 bytes
Created: 19/02/2008
Modified: 15/02/2008
Company: Symantec Corporation
----------
Key: nvax
ImagePath: system32\drivers\nvax.sys
C:\WINDOWS\system32\drivers\nvax.sys
13056 bytes
Created: 28/01/2002
Modified: 28/01/2002
Company: NVIDIA® Corporation
----------
Key: NVENET
ImagePath: System32\DRIVERS\NVENET.sys
C:\WINDOWS\System32\DRIVERS\NVENET.sys
96768 bytes
Created: 31/03/2002
Modified: 31/03/2002
Company: NVIDIA Corporation
----------
Key: nvnforce
ImagePath: system32\drivers\nvapu.sys
C:\WINDOWS\system32\drivers\nvapu.sys
187648 bytes
Created: 28/01/2002
Modified: 28/01/2002
Company: NVIDIA® Corporation
----------
Key: nv_agp
ImagePath: System32\DRIVERS\nv_agp.sys
C:\WINDOWS\System32\DRIVERS\nv_agp.sys
13502 bytes
Created: 07/12/2001
Modified: 07/12/2001
Company: NVIDIA Corporation
----------
Key: Office Source Engine Help
ImagePath: C:\Program Files\NetMeeting\msmsgs
C:\Program Files\NetMeeting\msmsgs
-RHS- 1727488 bytes
Created: 25/04/2008
Modified: 25/04/2008
Company:
C:\Program Files\NetMeeting\msmsgs - this registry value has been removed
C:\Program Files\NetMeeting\msmsgs - READ-ONLY, HIDDEN and SYSTEM file attributes removed
C:\Program Files\NetMeeting\msmsgs - file ownership assigned to: FAM_DOGO\NéPourDominé
C:\Program Files\NetMeeting\msmsgs - file backed up to C:\Program Files\NetMeeting\msmsgs.vir
C:\Program Files\NetMeeting\msmsgs - file has been neutralised
C:\Program Files\NetMeeting\msmsgs - marked for renaming when the PC is restarted
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003
Modified: 28/07/2003
Company: Microsoft Corporation
----------
Key: PCAMPR5
ImagePath: \??\C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCAMPR5.SYS
34688 bytes
Created: 25/04/2008
Modified: 23/09/2003
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: PCANDIS5
ImagePath: \??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
32128 bytes
Created: 25/04/2008
Modified: 01/03/2006
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
13780 bytes
Created: 22/05/2002
Modified: 26/03/2002
Company: Padus, Inc.
----------
Key: Ps2
ImagePath: System32\DRIVERS\PS2.sys
C:\WINDOWS\System32\DRIVERS\PS2.sys
14112 bytes
Created: 22/05/2002
Modified: 04/06/2001
Company: Hewlett-Packard Company
----------
Key: Ptserial
ImagePath: System32\DRIVERS\ptserial.sys
C:\WINDOWS\System32\DRIVERS\ptserial.sys
120705 bytes
Created: 09/01/2002
Modified: 09/01/2002
Company: PCTEL, INC.
----------
Key: RFCOMM
ImagePath: system32\DRIVERS\rfcomm.sys
C:\WINDOWS\system32\DRIVERS\rfcomm.sys
59648 bytes
Created: 15/01/2000
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: SG762_XP
ImagePath: system32\DRIVERS\WlanBZXP.sys
C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys
450560 bytes
Created: 25/04/2008
Modified: 10/01/2007
Company: ZyDAS Technology Corporation
----------
Key: SISAGP
ImagePath: System32\DRIVERS\SISAGP.sys
C:\WINDOWS\System32\DRIVERS\SISAGP.sys
27136 bytes
Created: 27/12/2001
Modified: 27/12/2001
Company: Silicon Integrated Systems Corporation
----------
Key: SNDSrvc
ImagePath: C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
206552 bytes
Created: 21/01/2005
Modified: 21/01/2005
Company: Symantec Corporation
----------
Key: sscdbhk5
ImagePath: system32\drivers\sscdbhk5.sys
C:\WINDOWS\system32\drivers\sscdbhk5.sys
5589 bytes
Created: 22/05/2002
Modified: 29/01/2002
Company: VERITAS Software, Inc.
----------
Key: ssrtln
ImagePath: system32\drivers\ssrtln.sys
C:\WINDOWS\system32\drivers\ssrtln.sys
22963 bytes
Created: 22/05/2002
Modified: 29/01/2002
Company: VERITAS Software, Inc.
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{EC0024DA-DDC8-48C0-B1C9-AFCFC843CCA5}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 12/01/2000
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: SymEvent
ImagePath: \??\C:\Program Files\Symantec\SYMEVENT.SYS
C:\Program Files\Symantec\SYMEVENT.SYS
58224 bytes
Created: 22/05/2002
Modified: 26/02/2002
Company: Symantec Corporation
----------
Key: SYMREDRV
ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
26424 bytes
Created: 21/01/2005
Modified: 21/01/2005
Company: Symantec Corporation
----------
Key: SYMTDI
ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
C:\WINDOWS\System32\Drivers\SYMTDI.SYS
267384 bytes
Created: 21/01/2005
Modified: 21/01/2005
Company: Symantec Corporation
----------
Key: tfsnboio
ImagePath: system32\dla\tfsnboio.sys
C:\WINDOWS\system32\dla\tfsnboio.sys
23607 bytes
Created: 22/05/2002
Modified: 09/05/2002
Company: VERITAS Software, Inc.
----------
Key: tfsncofs
ImagePath: system32\dla\tfsncofs.sys
C:\WINDOWS\system32\dla\tfsncofs.sys
34743 bytes
Created: 22/05/2002
Modified: 09/05/2002
Company: VERITAS Software, Inc.
----------
Key: tfsndrct
ImagePath: system32\dla\tfsndrct.sys
C:\WINDOWS\system32\dla\tfsndrct.sys
4119 bytes
Created: 22/05/2002
Modified: 09/05/2002
Company: VERITAS Software, Inc.
----------
Key: tfsndres
ImagePath: system32\dla\tfsndres.sys
C:\WINDOWS\system32\dla\tfsndres.sys
2235 bytes
Created: 22/05/2002
Modified: 09/05/2002
Company: VERITAS Software, Inc.
----------
Key: tfsnifs
ImagePath: system32\dla\tfsnifs.sys
C:\WINDOWS\system32\dla\tfsnifs.sys
52790 bytes
Created: 22/05/2002
Modified: 09/05/2002
Company: VERITAS Software, Inc.
----------
Key: tfsnopio
ImagePath: system32\dla\tfsnopio.sys
C:\WINDOWS\system32\dla\tfsnopio.sys
13847 bytes
Created: 22/05/2002
Modified: 09/05/2002
Company: VERITAS Software, Inc.
----------
Key: tfsnpool
ImagePath: system32\dla\tfsnpool.sys
C:\WINDOWS\system32\dla\tfsnpool.sys
6327 bytes
Created: 22/05/2002
Modified: 09/05/2002
Company: VERITAS Software, Inc.
----------
Key: tfsnudf
ImagePath: system32\dla\tfsnudf.sys
C:\WINDOWS\system32\dla\tfsnudf.sys
88758 bytes
Created: 22/05/2002
Modified: 09/05/2002
Company: VERITAS Software, Inc.
----------
Key: tfsnudfa
ImagePath: system32\dla\tfsnudfa.sys
C:\WINDOWS\system32\dla\tfsnudfa.sys
94679 bytes
Created: 22/05/2002
Modified: 09/05/2002
Company: VERITAS Software, Inc.
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: Vmodem
ImagePath: System32\DRIVERS\vmodem.sys
C:\WINDOWS\System32\DRIVERS\vmodem.sys
630430 bytes
Created: 09/01/2002
Modified: 09/01/2002
Company: PCTEL, INC.
----------
Key: Vpctcom
ImagePath: System32\DRIVERS\vpctcom.sys
C:\WINDOWS\System32\DRIVERS\vpctcom.sys
396875 bytes
Created: 09/01/2002
Modified: 09/01/2002
Company: PCTEL, INC.
----------
Key: Vvoice
ImagePath: System32\DRIVERS\vvoice.sys
C:\WINDOWS\System32\DRIVERS\vvoice.sys
66111 bytes
Created: 09/01/2002
Modified: 09/01/2002
Company: PCtel, Inc.
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------
Key: ZDCndis5
ImagePath: \??\C:\WINDOWS\system32\ZDCndis5.SYS
C:\WINDOWS\system32\ZDCndis5.SYS [file not found to scan]
----------
Key: ZDPNDIS5
ImagePath: \??\C:\WINDOWS\system32\ZDPNDIS5.SYS
C:\WINDOWS\system32\ZDPNDIS5.SYS [file not found to scan]
----------
Key: ZDPSp50
ImagePath: System32\Drivers\ZDPSp50.sys
C:\WINDOWS\System32\Drivers\ZDPSp50.sys
17664 bytes
Created: 25/04/2008
Modified: 16/01/2007
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: {6080A529-897E-4629-A488-ABA0C29B635E}
ImagePath: system32\drivers\ialmsbw.sys
C:\WINDOWS\system32\drivers\ialmsbw.sys
88320 bytes
Created: 05/04/2002
Modified: 05/04/2002
Company: Intel Corporation
----------
Key: {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}
ImagePath: system32\drivers\ialmkchw.sys
C:\WINDOWS\system32\drivers\ialmkchw.sys
69472 bytes
Created: 05/04/2002
Modified: 05/04/2002
Company: Intel Corporation
----------

************************************************************
06:14:34: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 22/05/2002
Modified: 28/02/2003
Company:
VxD Key = JAVASUP
----------
----------

************************************************************
06:14:34: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
294912 bytes
Created: 27/03/2002
Modified: 27/03/2002
Company: Intel Corporation
----------

************************************************************
06:14:35: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Symantec.Norton.Antivirus.IEContextMenu
CLSID: {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
Path: c:\Program Files\Norton AntiVirus\NavShExt.dll
c:\Program Files\Norton AntiVirus\NavShExt.dll
102400 bytes
Created: 11/03/2002
Modified: 11/03/2002
Company: Symantec Corporation
----------
Key: Yahoo! Mail
CLSID: {5464D816-CF16-4784-B9F3-75C0DB52B499}
Path: C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
190496 bytes
Created: 12/01/2000
Modified: 30/10/2006
Company: Yahoo! Inc.
----------

************************************************************
06:14:35: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007
Modified: 10/05/2007
Company: Adobe Systems, Inc.
----------

************************************************************
06:14:36: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4efb-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
817936 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 23/10/2006
Modified: 23/10/2006
Company: Adobe Systems Incorporated
----------
Key: {3049C3E9-B461-4BC5-8870-4C09146192CA}
BHO: C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
370296 bytes
Created: 29/01/2008
Modified: 03/02/2008
Company: RealPlayer
----------
Key: {64F56FC1-1272-44CD-BA6E-39723696E350}
BHO: C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll - this BHO was being loaded by the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350} - this key has been removed [file not found to scan]
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350} - this key has been removed
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll
-R- 2436160 bytes
Created: 29/01/2008
Modified: 29/01/2008
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
654320 bytes
Created: 07/02/2008
Modified: 07/02/2008
Company: Google Inc.
----------
Key: {BDF3E430-B101-42AD-A544-FADC6B084872}
BHO: c:\Program Files\Norton AntiVirus\NavShExt.dll
c:\Program Files\Norton AntiVirus\NavShExt.dll - file already scanned
----------
Key: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
BHO: C:\Program Files\Microsoft Money\System\mnyviewer.dll
C:\Program Files\Microsoft Money\System\mnyviewer.dll
143420 bytes
Created: 25/07/2001
Modified: 25/07/2001
Company: Microsoft Corporation
----------

************************************************************
06:19:47: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll
281600 bytes
Created: 12/01/2000
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------

************************************************************
06:19:47: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
06:19:47: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
06:19:47: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
06:19:47: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dll schannel.dll digest.dll msnsspc.dll
msapsspc.dll schannel.dll digest.dll msnsspc.dll [file not found to scan]
----------

************************************************************
06:19:47: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check

************************************************************
06:19:47: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 10/05/2002
Modified: 10/05/2002
Company:
--------------------
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
16384 bytes
Created: 22/05/2002
Modified: 22/05/2002
Company:
hp center.lnk - links to C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
--------------------
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
125624 bytes
Created: 07/02/2008
Modified: 07/02/2008
Company: Google
Outil de mise à jour Google.lnk - links to C:\Program Files\Google\Google Updater\GoogleUpdater.exe
--------------------
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
950272 bytes
Created: 25/04/2008
Modified: 16/01/2007
Company:
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - links to C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
06:19:48: Scanning ----- SCHEDULED TASKS -----
Taskname: Norton AntiVirus - Analyser mon ordinateur.job
File: c:\PROGRA~1\NORTON~1\NAVW32.exe
c:\PROGRA~1\NORTON~1\NAVW32.exe
87672 bytes
Created: 11/03/2002
Modified: 11/03/2002
Company: Symantec Corporation
Parameters: /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
Next Run Time: 29/08/2008 20:00:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Propriétaire
Comments: Il s'agit d'une tâche de programmation d'analyse de Norton AntiVirus.
----------
Taskname: Symantec NetDetect.job
File: C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
99960 bytes
Created: 22/05/2002
Modified: 22/11/2001
Company: Symantec Corporation
Parameters: [blank]
Next Run Time: Never
Status: La tâche ne sera pas exécutée à l'heure prévue car elle a été désactivée
Creator: Propriétaire
Comments: Symantec NetDetect
----------

************************************************************
06:19:49: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
06:19:49: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
==============================
Restrictive Windows Explorer Policies found in force on this computer:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: SHOWALL\"CheckedValue"
All Policy Values listed have been removed
==============================
Windows Explorer Policies checks completed
----------
Checking for specific malicious files:
C:\WINDOWS\system32\kavo.exe - PWS.OnlineGames
C:\WINDOWS\system32\kavo.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\kavo.exe - READ-ONLY, HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\system32\kavo.exe - file renamed to: C:\WINDOWS\system32\kavo.exe.vir
----------
Desktop Wallpaper: c:\windows\web\wallpaper\info-800.bmp
c:\windows\web\wallpaper\info-800.bmp
481080 bytes
Created: 22/05/2002
Modified: 22/08/2001
Company:
----------
Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\info-800.bmp
C:\WINDOWS\web\wallpaper\info-800.bmp
481080 bytes
Created: 22/05/2002
Modified: 22/08/2001
Company:
----------
Checking autorun.inf in C:\
C:\autorun.inf open entry: [m9as2c.cmd]
C:\m9as2c.cmd
-RHS- 109945 bytes
Created: 21/08/2008
Modified: 21/08/2008
Company:
----------
Checking autorun.inf in D:\
D:\autorun.inf open entry: [m9as2c.cmd]
D:\m9as2c.cmd
-RHS- 109945 bytes
Created: 21/08/2008
Modified: 21/08/2008
Company:
----------
--------------------
Additional checks completed

************************************************************
06:21:03: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[13 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[65 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[25 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[56 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[47 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[39 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[150 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[28 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[30 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[40 loaded modules in total]
--------------------
C:\WINDOWS\system32\LEXBCES.EXE
[25 loaded modules in total]
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
[20 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[60 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[31 loaded modules in total]
--------------------
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[23 loaded modules in total]
--------------------
c:\Program Files\Norton AntiVirus\navapsvc.exe
[18 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[37 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
[42 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[31 loaded modules in total]
--------------------
C:\WINDOWS\system32\wscntfy.exe
[15 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE
[106 loaded modules in total]
--------------------
C:\windows\system\hpsysdrv.exe
[9 loaded modules in total]
--------------------
C:\HP\KBD\KBD.EXE
[49 loaded modules in total]
--------------------
C:\WINDOWS\system32\dla\tfswctrl.exe
[25 loaded modules in total]
--------------------
C:\PROGRA~1\NORTON~1\navapw32.exe
[67 loaded modules in total]
--------------------
C:\Program Files\GalleryPlayer\Player\GPClientMonitor.exe
[83 loaded modules in total]
--------------------
C:\Program Files\GalleryPlayer\Player\GPDownloadManager.exe
[100 loaded modules in total]
--------------------
C:\WINDOWS\system32\rundll32.exe
[35 loaded modules in total]
--------------------
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
[66 loaded modules in total]
--------------------
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
[58 loaded modules in total]
--------------------
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\System32\wbem\wmiprvse.exe
[57 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
[53 loaded modules in total]
--------------------
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
[90 loaded modules in total]
--------------------
C:\Program Files\Microsoft Works\MSWorks.exe
[45 loaded modules in total]
--------------------
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
[89 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
[133 loaded modules in total]
--------------------
C:\Documents and Settings\NéPourDominé\Application Data\Simply Super Software\Trojan Remover\vihD4.exe
FileSize: 2548288
[This is a Trojan Remover component]
[22 loaded modules in total]
--------------------

************************************************************
06:22:16: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
06:22:16: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
06:22:17: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
06:22:17: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\NPOURD~1\LOCALS~1\Temp\JET8E5D.tmp appears to be in-use/locked
C:\DOCUME~1\NPOURD~1\LOCALS~1\Temp\JETAE.tmp appears to be in-use/locked
C:\DOCUME~1\NPOURD~1\LOCALS~1\Temp\~DF112B.tmp appears to be in-use/locked
C:\DOCUME~1\NPOURD~1\LOCALS~1\Temp\~DF23EA.tmp appears to be in-use/locked
C:\DOCUME~1\NPOURD~1\LOCALS~1\Temp\~DF6F9C.tmp appears to be in-use/locked
************************************************************
06:22:18: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
************************************************************
06:22:50: Scanning ------ ROOT DIRECTORY ------

************************************************************
06:23:10: ------ Scan for other files to remove ------
No malware-related files found to remove

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://fr.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://fr.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.google.com/toolbar/ie8/sidebar.html
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 06:23:11 26 août 2008
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
26/08/2008 06:23:25: restart commenced
************************************************************

2 replies

varfendell Posts 3256 Registration date Thursday 27 December 2007 Status Member Last activity 8 February 2020 706
26 August 2008 at 09:59
Hello,

Well, after a quick look through your report, I could see two things:
1/ some infections were not deleted and were renamed to .vir
2/ other infections will be deleted when your computer restarts.


However, I advise you to run a full scan with malware:

download malware from this page => the tutorial was made by VIRUS_KILLER

At the end of the installation, make sure that the option "Mettre à jour Malwarebytes' Anti-Malware" is ticked. >>> click "Terminer"
Launch Malwarebytes' Anti-Malware by double-clicking the icon on the desktop.
On first launch, a window tells you that the version is Free >>> click OK

Let the updates download
*** Close the program ***
Restart in safe mode (look here if you do not know how)
Launch Malwarebytes' Anti-Malware
Tab "Recherche" >>> tick "Exécuter un examen complet" >>> "Rechercher"
Select your hard drive >>> click "Lancer l'examen"
Removing the detected items >>>> click "Supprimer la sélection"
Paste the Malwarebytes report into your reply
If you are asked to restart >>> click "Yes"

and to clean your computer with CCleaner:

download CCleaner (tutorial here by VIRUS_KILLER, or here is another one)
give your computer a good sweep:
- run the cleaner several times
- same with the registry function
- remove the startup programs that are unnecessary.

then to post a HijackThis report to check that your computer is clean:

Download HijackThis
Unzip it into a folder set aside for it.
For example C:\hijackthis
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Run it, then click "Do a system scan and save a logfile" (see demo)
copy and paste the entire log onto the forum
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
0
Anonymous user
26 August 2008 at 10:02
Hello,

Varfendell <---> DUPLICATE of the topic, it's very nice of you to answer, if it were me ^^


Edit: I got it wrong, sorry, I thought so xD
0