Trojan et rootkit au secours !!!

Résolu
chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
j'ai grand besoin de vous comme le dit mon titre avast m' a détecté win32.trojan : gen {other} et aussi win32.rootkit-gen {rtk}

est ce que quelqu'un pourrait m"aider je ne sais pas quoi faire...

voici le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:30, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail?service=communiquer&u=http://webmail.wanadoo.fr/wanadoo/inbox.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7AfA98Gm4Me69ZMbubcDsHkhWqtO3euN1Q8oULEgH/SagCVN5/oWiKAMtKJsJIgkJq/4jZSVcvUx0i6Qv3XMHMx5Uhf5O/N+9bt5apsL8VdzY+rpm34zagJek/AMR+w=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NI.UWA6PV_0001_N91M2107] "C:\documents and settings\compaq_propriétaire\application data\winantiviruspro2006freeinstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\Its Label\ItsTV\ItsTV.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Soft Show.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BMb7796ae9] Rundll32.exe "C:\WINDOWS\system32\eejdqqji.dll",s
O4 - HKLM\..\Run: [b44a5975] rundll32.exe "C:\WINDOWS\system32\nyksoxgj.dll",b
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bold film] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ArmyLog\Pileamen.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NoPub-IE] C:\Program Files\NoPub-IE\NoPub-IE.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = ?
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: paizgg.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
O24 - Desktop Component 0: (no name) - http://biondettablacklight.free.fr/coeur/wallpaper16.jpg

--
End of file - 13709 bytes
Configuration: Windows XP
Internet Explorer 7.0

70 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

Une détection par Avast signale la présence de deux menaces potentiellement associées à un rootkit dans le système : win32.trojan gen et win32.rootkit-gen, sur une configuration Windows XP. Le fil expose un rapport HijackThis complet et les détails d'un scan datant de 2008, avec des éléments suspects dans les démarrages et dans les services, en plus des composants Avast. Parmi les points sensibles, des entrées Run et Open Command dans le registre, des modules DLL non usr et des composants Wanadoo et Live Search, suggérant une infection multi-entrée à nettoyer. Des raisons pratiques montrent que ce journal peut contenir des faux positifs ou des éléments légitimes mal étiquetés, d'où la nécessité d'une vérification croisée et d'une approche méthodique.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    commence par faire ceci stp :

    Option 1 - Recherche :

    télécharge smitfraudfix et enregistre le sur le bureau à cette adresse (c est le numéro 2 en bas de la page) :

    https://www.androidworld.fr/

    Ensuite double clique sur smitfraudfix puis exécuter

    Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

    copier/coller le rapport dans la réponse.
    0
    1. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
       
      excuse moi j'ai été longue mon pc a planté.

      pas possible d'activer smitfraudix message d'erreur :

      joedanger n'est pas affilié avec smitfraudix.....
      0
  2. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok...laisse smitfraudfix de coté on y reviendra plus tard...

    Télécharger sur le bureau malwarebytes à cette adresse :

    https://www.androidworld.fr/

    Voici un tuto pour bien l installer et bien l utiliser :

    https://www.androidworld.fr/

    Après l analyse, redémarrer le pc et poste le rapport !!

    Et refais un nouveau rapport hijackthis stp
    0
    1. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
       
      ok mon pc a encore planté, j'ais 33 éléments ibfectés mais il n'a pas fini.
      j'essaie de refaire un scan.
      je te poste les rapports dès que c'est possible, sans doute demain car le temps que ca scanne.....
      en tout cas je te remercie déjà de m'avoir écoutée ce soir et j'espère que tu seras la demain pour la suite.

      bonne nuit
      0
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok pas de problemes chado ;-)

    Bonne fin de soirée @+
    0
  4. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
     
    voici mon rapport malwarebytes abti malware

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1092
    Windows 5.1.2600 Service Pack 2

    15:15:54 29/08/2008
    mbam-log-08-29-2008 (15-15-54).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 179613
    Temps écoulé: 51 minute(s), 1 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 4
    Clé(s) du Registre infectée(s): 20
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 38
    Fichier(s) infecté(s): 98

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\nyksoxgj.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\vtUnkiFv.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\eejdqqji.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\paizgg.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08bed96e-5a7d-42e7-9049-d2fb4978bebc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomgghiy (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{08bed96e-5a7d-42e7-9049-d2fb4978bebc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{531fe598-9974-478b-b078-5c1b36032ff2} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{531fe598-9974-478b-b078-5c1b36032ff2} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef0cb62c-f89d-4688-be7d-dee00ee449b3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{ef0cb62c-f89d-4688-be7d-dee00ee449b3} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbdadde8-dffd-42bb-b0f0-6d1a74834fa2} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dbdadde8-dffd-42bb-b0f0-6d1a74834fa2} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b44a5975 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmb7796ae9 (Trojan.Vundo) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Adware.Starware) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\vtunkifv -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtunkifv -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\contexts (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\Games (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\Games\images (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\active (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\default (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\images (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\Movies (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\active (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\default (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\active (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\default (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316 (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Games (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Manager (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Movies (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Reference (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Screensavers (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ScreensaversMarketingSitePager (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\SearchAssistPlus (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\SearchMatch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\SearchMatch\searchMatchPages (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Weather (Adware.Starware) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\qoMgghIY.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtUnkiFv.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\vFiknUtv.ini (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\vFiknUtv.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\paizgg.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\nyksoxgj.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\jgxoskyn.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bjdmyify.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eejdqqji.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\dfnvlgew.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iojhypbt.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nkqdhbyj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nxbrkord.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wsldlhpn.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\aatwynxs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\etvsex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\U000D1FEC.exe (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\contexts\related.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\active\Games0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\active\Movies0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Games\GamesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Games\GamesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Layouts\PitchLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Layouts\PitchLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Movies\MoviesOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Movies\MoviesOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Reference\ReferenceOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Reference\ReferenceOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Screensavers\ScreensaversOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Weather\AlertArchive.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Weather\WeatherOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Starware316\Weather\WeatherOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMb7796ae9.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMb7796ae9.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cvztzwn_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\flildsedn_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cvztzwn_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\flildsedn_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
     
    voici le rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:24:15, on 29/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\CameraFixer.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NI.UWA6PV_0001_N91M2107] "C:\documents and settings\compaq_propriétaire\application data\winantiviruspro2006freeinstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\Its Label\ItsTV\ItsTV.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Soft Show.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [bold film] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ArmyLog\Pileamen.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [NoPub-IE] C:\Program Files\NoPub-IE\NoPub-IE.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Outil de notification Live Search.lnk = ?
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O20 - AppInit_DLLs: paizgg.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
    O24 - Desktop Component 0: (no name) - http://biondettablacklight.free.fr/coeur/wallpaper16.jpg
    0
  7. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
     
    est ce que cela suffit ou il y autre chose à faire ?
    0
  8. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
     
    j'ai installé antivir et fait un scan voici le rapport

    Avira AntiVir Personal
    Report file date: vendredi 29 août 2008 22:13

    Scanning for 1582788 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: ORDINATEUR

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 20:12:34
    ANTIVIR3.VDF : 7.0.6.92 195584 Bytes 29/08/2008 20:12:35
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 29/08/2008 20:12:38
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 29/08/2008 20:12:38
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 29/08/2008 20:12:37
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.36 315764 Bytes 29/08/2008 20:12:36
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 29/08/2008 20:12:35
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 29 août 2008 22:13

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'Watch.exe' - '1' Module(s) have been scanned
    Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
    Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
    Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
    Scan process 'Toaster.exe' - '1' Module(s) have been scanned
    Scan process 'ComComp.exe' - '1' Module(s) have been scanned
    Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'Generic.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'Mise-a-jour-LiveSearch.exe' - '1' Module(s) have been scanned
    Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
    Scan process 'Notification-LiveSearch.exe' - '1' Module(s) have been scanned
    Scan process 'E_FATICEE.EXE' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned
    Scan process 'CameraFixer.exe' - '1' Module(s) have been scanned
    Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'wcmdmgr.exe' - '1' Module(s) have been scanned
    Scan process 'SystrayApp.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'evntsvc.exe' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
    Scan process 'CLSched.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
    Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
    Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    59 processes with 59 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '71' files ).

    Starting the file scan:

    Begin scan in 'C:\' <PRESARIO>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Sun\Java\Deployment\cache\6.0\16\2485e150-796c2039
    [0] Archive type: ZIP
    --> OP.class
    [DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit
    [NOTE] The file was moved to '48f0593b.qua'!
    C:\Documents and Settings\Compaq_Propriétaire\Mes documents\MAGIX_MusicMaker2008\MAGIX music maker 2004 deLuxe\Magix Music Maker 2004 Crack.EXE
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Delwin.CI.2 back-door program
    [NOTE] The file was moved to '491f5c63.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP523\A0102238.EXE
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Delwin.CI.2 back-door program
    [NOTE] The file was moved to '48e961df.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103321.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e96206.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103322.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e9620e.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103323.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e96215.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103324.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e96219.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103325.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e96222.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103326.exe
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e96226.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103327.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e9622a.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103328.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e9622c.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103344.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e9622e.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103346.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e96230.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103347.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e96232.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103349.dll
    [DETECTION] Is the TR/Trash.Gen Trojan
    [NOTE] The file was moved to '48e96234.qua'!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP533\A0103355.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.135 dropper
    [NOTE] The file was moved to '48e96249.qua'!
    Begin scan in 'D:\' <PRESARIO_RP>

    End of the scan: vendredi 29 août 2008 23:13
    Used time: 1:00:16 Hour(s)

    The scan has been done completely.

    11019 Scanning directories
    558921 Files were scanned
    16 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    16 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    558904 Files not concerned
    15866 Archives were scanned
    5 Warnings
    16 Notes
    0
  9. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok maintenant réessais smitfraudfix stp
    0
  10. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
     
    voici le rapport SmitFrauFix

    SmitFraudFix v2.342

    Rapport fait à 12:17:21,54, 30/08/2008
    Executé à partir de C:\Documents and Settings\Compaq_Propri‚taire\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="http://biondettablacklight.free.fr/coeur/wallpaper16.jpg"
    "SubscribedURL"="http://biondettablacklight.free.fr/coeur/wallpaper16.jpg"
    "FriendlyName"=""

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="paizgg.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 15.243.128.51
    DNS Server Search Order: 15.243.160.51

    Description: SAGEM Wi-Fi 11g USB adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6E6D02B6-D380-40BF-8454-21A0116AC61C}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6E6D02B6-D380-40BF-8454-21A0116AC61C}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  11. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    maintenant fais ceci stp :

    Option 2 - Nettoyage :

    Redémarrer l'ordinateur en mode sans échec (tapoter F8 au boot pour obtenir le menu de démarrage).

    Double cliquer sur smitfraudfix

    Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

    A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

    Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

    Redémarrer en mode normal et poster le rapport.

    ensuite refais un nouveau rapport hijackthis stp
    0
    1. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
       
      em mode sans echec, je n'ai pas l'icone de smitfraufix sur mon bureau et je ne peux donc pas faire le nettoyage
      0
  12. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    comment se fait il que tu n as pas l icone de smitfraudfix sur ton bureau ??

    Tu as trop d icone sur ton bureau ??
    0
    1. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
       
      c'est possible qu'il y en ai trop. il faut que j'en supprime ?
      0
  13. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    tu n es pas obligé de les supprimer...

    crée un ou plusieurs dossiers sur ton bureau et glisses les icones dans les dossiers crées par catégorie

    ensuite fais le nettoyage en mode sans échec stp
    0
    1. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
       
      ok je fais ca tout de suite
      0
  14. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    pour créer un dossier sur le bureau tu fais clic droit => nouveau => dossier
    0
  15. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    apres avoir fait smitfraudfix, refais un nouveau rapport hijackthis pour que je puisse vérifier stp

    je dois m absenter quelques heures, je te reprends tantot dès que je suis de retour ;-)

    @+
    0
  16. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
     
    je n'ai pas eu la question voulez vous corriger le fichier infecté mais voila le rapport

    SmitFraudFix v2.342

    Rapport fait à 16:32:42,12, 30/08/2008
    Executé à partir de C:\Documents and Settings\Compaq_Propri‚taire\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    127.0.0.1 bin.errorprotector.com ## added by CiD
    127.0.0.1 br.errorsafe.com ## added by CiD
    127.0.0.1 br.winantivirus.com ## added by CiD
    127.0.0.1 br.winfixer.com ## added by CiD
    127.0.0.1 cdn.drivecleaner.com ## added by CiD
    127.0.0.1 cdn.errorsafe.com ## added by CiD
    127.0.0.1 cdn.winsoftware.com ## added by CiD
    127.0.0.1 de.errorsafe.com ## added by CiD
    127.0.0.1 de.winantivirus.com ## added by CiD
    127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
    127.0.0.1 download.cdn.errorsafe.com ## added by CiD
    127.0.0.1 download.cdn.winsoftware.com ## added by CiD
    127.0.0.1 download.errorsafe.com ## added by CiD
    127.0.0.1 download.systemdoctor.com ## added by CiD
    127.0.0.1 download.winantispyware.com ## added by CiD
    127.0.0.1 download.windrivecleaner.com ## added by CiD
    127.0.0.1 download.winfixer.com ## added by CiD
    127.0.0.1 drivecleaner.com ## added by CiD
    127.0.0.1 dynamique.drivecleaner.com ## added by CiD
    127.0.0.1 errorprotector.com ## added by CiD
    127.0.0.1 errorsafe.com ## added by CiD
    127.0.0.1 es.winantivirus.com ## added by CiD
    127.0.0.1 fr.winantivirus.com ## added by CiD
    127.0.0.1 fr.winfixer.com ## added by CiD
    127.0.0.1 go.drivecleaner.com ## added by CiD
    127.0.0.1 go.errorsafe.com ## added by CiD
    127.0.0.1 go.winantispyware.com ## added by CiD
    127.0.0.1 go.winantivirus.com ## added by CiD
    127.0.0.1 hk.winantivirus.com ## added by CiD
    127.0.0.1 instlog.errorsafe.com ## added by CiD
    127.0.0.1 instlog.winantivirus.com ## added by CiD
    127.0.0.1 instlog.winfixer.com ## added by CiD
    127.0.0.1 jsp.drivecleaner.com ## added by CiD
    127.0.0.1 kb.errorsafe.com ## added by CiD
    127.0.0.1 kb.winantivirus.com ## added by CiD
    127.0.0.1 nl.errorsafe.com ## added by CiD
    127.0.0.1 se.errorsafe.com ## added by CiD
    127.0.0.1 secure.drivecleaner.com ## added by CiD
    127.0.0.1 secure.errorsafe.com ## added by CiD
    127.0.0.1 secure.winantispam.com ## added by CiD
    127.0.0.1 secure.winantispy.com ## added by CiD
    127.0.0.1 secure.winantivirus.com ## added by CiD
    127.0.0.1 support.winantivirus.com ## added by CiD
    127.0.0.1 trial.updates.winsoftware.com ## added by CiD
    127.0.0.1 ulog.winantivirus.com ## added by CiD
    127.0.0.1 utils.errorsafe.com ## added by CiD
    127.0.0.1 utils.winantivirus.com ## added by CiD
    127.0.0.1 utils.winfixer.com ## added by CiD
    127.0.0.1 winantispyware.com ## added by CiD
    127.0.0.1 winantivirus.com ## added by CiD
    127.0.0.1 winfixer.com ## added by CiD
    127.0.0.1 winfixer2006.com ## added by CiD
    127.0.0.1 winsoftware.com ## added by CiD
    127.0.0.1 www.drivecleaner.com ## added by CiD
    127.0.0.1 www.errorprotector.com ## added by CiD
    127.0.0.1 www.errorsafe.com ## added by CiD
    127.0.0.1 www.systemdoctor.com ## added by CiD
    127.0.0.1 www.utils.winfixer.com ## added by CiD
    127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
    127.0.0.1 www.win-virus-pro.com ## added by CiD
    127.0.0.1 www.winantispam.com ## added by CiD
    127.0.0.1 www.winantispy.com ## added by CiD
    127.0.0.1 www.winantispyware.com ## added by CiD
    127.0.0.1 www.winantivirus.com ## added by CiD
    127.0.0.1 www.winantiviruspro.com ## added by CiD
    127.0.0.1 www.windrivecleaner.com ## added by CiD
    127.0.0.1 www.windrivesafe.com ## added by CiD
    127.0.0.1 www.winfixer.com ## added by CiD
    127.0.0.1 www.winfixer2006.com ## added by CiD
    127.0.0.1 www.winsoftware.com ## added by CiD

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{6E6D02B6-D380-40BF-8454-21A0116AC61C}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6E6D02B6-D380-40BF-8454-21A0116AC61C}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  17. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    refais un nouveau rapport hijackthis stp

    je vérifierai tout à l heure @+
    0
  18. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
     
    voila

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:57:15, on 30/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
    C:\WINDOWS\wt\updater\wcmdmgr.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [NI.UWA6PV_0001_N91M2107] "C:\documents and settings\compaq_propriétaire\application data\winantiviruspro2006freeinstall_fr[1].exe" -nag
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\Its Label\ItsTV\ItsTV.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Soft Show.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [bold film] C:\DOCUME~1\COMPAQ~1\APPLIC~1\ArmyLog\Pileamen.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_SB0.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [NoPub-IE] C:\Program Files\NoPub-IE\NoPub-IE.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: Outil de notification Live Search.lnk = ?
    O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O20 - AppInit_DLLs: paizgg.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
    0
  19. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok...refais une analyse complete avec malwarebytes mais en mode sans échec cette fois ci stp
    0
  20. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
     
    desolée j'ai été longue je n'étais pas la hier

    voici le rapport

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1092
    Windows 5.1.2600 Service Pack 2

    12:36:58 01/09/2008
    mbam-log-09-01-2008 (12-36-58).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 183038
    Temps écoulé: 1 hour(s), 44 minute(s), 59 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  21. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut chado !!

    fais ceci stp :

    télécharge OtMoveIt

    Télécharge OTMoveIt (de Old_Timer) sur ton Bureau à cette adresse :

    (c est le numéro 7 en bas de la page) : https://www.androidworld.fr/

    Double-clique sur OTMoveIt.exe pour le lancer.
    Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
    Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

    c:\documents and settings\all users\application data\cast ping base frag\soft show.exe
    c:\documents and settings\compaq~1\applic~1\armylog\pileamen.exe


    clique sur MoveIt! pour lancer la suppression.
    Le résultat apparaitra dans le cadre "Results".
    Clique sur Exit pour fermer.
    Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

    ensuite :

    Fix.reg

    Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisi nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en gras dans la citation ci-dessous (copie tout d'un trait sans les barres(x)) :

    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Base frag grid bows"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "bold film"=-


    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
    Puis click sur "fichier"/"enregistrer sous" :
    dans : sur le bureau
    Nom du fichier : fix.reg
    Type de fichier : "tous les fichiers"
    clique sur "enregistrer"

    ca doit ressembler à ca une fois enregistré :

    http://img520.imageshack.us/img520/4251/screenshot005ps2.png

    double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
    Si c'est bien le cas, clique sur "oui"

    ensuite redémarre le pc et refais un nouveau rapport hijackthis stp

    est ce que tu as ad-aware, spybot et Ccleaner ??
    0
    1. chado59 Messages postés 105 Date d'inscription   Statut Membre Dernière intervention   1
       
      lorsque j'ai voulu enregistrer OTmoveIt2, une fenêtre d'avertissement antivir s'est ouverte :
      " a virus or unwanted program was found "
      C:\Documents and Settings \...\ Smitfraudfix.exe
      contains recognition pattern of the DR/Tool Reboot. F.136

      il me propose
      - move to quarantaine
      - delete
      - rename
      - deny access (celui est coché)
      - ignore


      merci
      0
  • 1
  • 2
  • 3
  • 4