Sujet Précédent Sujet Suivant

Mon rapport navilog

vanina -  
raphy00 Messages postés 1112 Statut Membre -
Bonjour,
j'ai des soucis avec mon ordi et je ne m'y connais pas du tout alors sur les conseil d'une amie j'ai fais une analyse navilog et je vous envoie mon rapport, merci de votre aide .

Search Navipromo version 3.6.5 commencé le 29/08/2008 à 14:16:46,78

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "vanina"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans "C:\windows" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\vanina\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\HLNE~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\vanina\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\HLNE~1\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\vanina\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\HLNE~1\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu.dat
C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu.exe
C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu_nav.dat
C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu_navps.dat

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\windows\system32" *

* Recherche dans "C:\Documents and Settings\vanina\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\HLNE~1\locals~1\applic~1" *

*** Recherche fichiers ***

C:\windows\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\windows\system32" :

* Dans "C:\Documents and Settings\vanina\locals~1\applic~1" :

seicw_navtmp.dat trouvé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

* Dans "C:\DOCUME~1\HLNE~1\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\windows\system32\FLorutwa.ini2 trouvé ! infection Vundo possible non traitée par cet outil !

*** Analyse terminée le 29/08/2008 à 14:27:48,87 ***

24 réponses

  • 1
  • 2
Réponse 1 / 24
raphy00 Messages postés 1112 Statut Membre 9
 
Salut,

Je pourrais pas rester longtemps, j'ai jusqu'a ce soir..

Alors :

1. Tu passes l'option 2 de Navilog.
Puis tu postes le rapport.

2. Telecharges malwares bytes anti malwares :

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

Verifie la mise a jour.

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

Fais un scan complet et postes le rapport.

3.Clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.

C'est la ligne : Download the HJT installer.

Enregistre HJTInstall.exe sur ton bureau.

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Avant toute installation, renommes le en lalala.exe.

Accepte la license en cliquant sur le bouton "I Accept"

Ensuite clique sur "do a system scan and save a logfile" et postes le rapport.

Un excellent tuto ici :

https://www.androidworld.fr/

$J'espere que j'aurai le temps de voir le rapport.

ATTENTION ! Manip a faire dans l'ordre !

;-)

0
Réponse 2 / 24
vanina
 
Clean Navipromo version 3.6.5 commencé le 29/08/2008 à 15:07:49,45

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "vanina"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu.dat réalisée avec succès !
Copie C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu.exe réalisée avec succès !
Copie C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu_nav.dat réalisée avec succès !
Copie C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu_navps.dat réalisée avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu.dat supprimé !
C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu.exe supprimé !
C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu_nav.dat supprimé !
C:\Documents and Settings\vanina\Local Settings\Application Data\egymocu_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

* Dans "C:\windows\system32" *

C:\windows\prefetch\egymocu*.pf trouvé !
Copie C:\windows\prefetch\egymocu*.pf réalisée avec succès !
C:\windows\prefetch\egymocu*.pf supprimé !

* Dans "C:\Documents and Settings\vanina\locals~1\applic~1" *

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\windows\System32" *

* Suppression dans "C:\Documents and Settings\vanina\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Suppression dans "C:\DOCUME~1\HLNE~1\locals~1\applic~1" *

*** Suppression dossiers dans "C:\windows" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\vanina\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\HLNE~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\vanina\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\HLNE~1\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\vanina\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\DOCUME~1\HLNE~1\menudm~1\progra~1" ***

*** Suppression fichiers ***

C:\windows\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\windows\Temp effectué !
Nettoyage contenu C:\Documents and Settings\vanina\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\windows\system32" *

* Dans "C:\Documents and Settings\vanina\locals~1\applic~1" *

seicw_navtmp.dat trouvé !
Copie seicw_navtmp.dat réalisée avec succès !
seicw_navtmp.dat supprimé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Dans "C:\DOCUME~1\HLNE~1\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 29/08/2008 à 15:13:57,14 ***

voila mon rapport de la deuxième étape de navilog
je passe au téléchargement
merci de ton aide
0
Réponse 3 / 24
raphy00 Messages postés 1112 Statut Membre 9
 
Ok.

Regarde aussi dans ta liste de programmes installes s'il y a des programmes crapuleux comme :

CiD help
BitTorrent
BitGraber
Cid

Des trucs comme ca..

Si tu as des doutes, cherche sur Google.

;-)
0
Réponse 4 / 24
vanina
 
2. Telecharges malwares bytes anti malwares :

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tutoriel Malwarebytes Anti-Malware: http://forum.pcastuces.com/malwarebytes_antimalwares___tutor­iel-f31s3.htm

Verifie la mise a jour.

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

Fais un scan complet et postes le rapport

je fais un scan avec navilog?
merci
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 24
raphy00 Messages postés 1112 Statut Membre 9
 
Mais non, avec Malwarebytes, voyons.

;-)
0
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
salut a vous pour voir
0
Réponse 6 / 24
vanina
 
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1094
Windows 5.1.2600 Service Pack 2

17:10:36 29/08/2008
mbam-log-08-29-2008 (17-10-36).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 170563
Temps écoulé: 1 hour(s), 38 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 55
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 73

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\awturoLF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jpvlkbsu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hnwlvvfq.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\yhcwwu.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08bed96e-5a7d-42e7-9049-d2fb4978bebc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfduolk (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08bed96e-5a7d-42e7-9049-d2fb4978bebc} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d5d82ba-b456-48d3-a8f7-42ce0d1c9d48} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3d5d82ba-b456-48d3-a8f7-42ce0d1c9d48} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cce3791d-ed43-4575-9fb4-f572f2812ba5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cce3791d-ed43-4575-9fb4-f572f2812ba5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\navigationtool.pornpro_bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\navigationtool.pornpro_bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{566dede9-9ed8-45da-9be6-9b2eeab17f49} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8a0dcbda-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\navigationtool (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\playmp3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3073c4d6 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm3340f74a (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\awturolf -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\awturolf -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\NavigationTool (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\windows\system32\khfDUolk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awturoLF.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\FLorutwa.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\FLorutwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yhcwwu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jpvlkbsu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\usbklvpj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rbckjpvx.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xvpjkcbr.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hnwlvvfq.dll (Trojan.Vundo) -> Delete on reboot.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\vanina\Local Settings\Temp\qjglsvxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\vanina\Local Settings\Temporary Internet Files\Content.IE5\PZW0VLR0\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\vanina\Local Settings\Temporary Internet Files\Content.IE5\RS1KANHU\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\vanina\Local Settings\Temporary Internet Files\Content.IE5\XCYS6460\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\vanina\Local Settings\Temporary Internet Files\Content.IE5\XQ2V5LHN\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\vanina\Local Settings\Temporary Internet Files\Content.IE5\Y1DEG7GW\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\vanina\Local Settings\Temporary Internet Files\Content.IE5\Y1DEG7GW\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\vanina\Local Settings\Temporary Internet Files\Content.IE5\YLZ30N45\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP757\A0129165.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP758\A0131269.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP758\A0131276.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP758\A0131277.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP759\A0131431.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP759\A0131432.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP759\A0131433.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP759\A0131434.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP759\A0131435.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP759\A0131437.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP759\A0131490.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP696\A0114332.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP696\A0114334.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP696\A0114336.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP696\A0114342.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP696\A0114349.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP696\A0114356.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FE62DFD1-E165-47AF-AC5D-5300B6972916}\RP696\A0114371.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwfpnyyo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsrhbfcr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cogcxaex.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ewqtvahh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfywmuqh.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\magcdhyc.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\choktw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stgenqpj.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isrnmvmj.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\biosvvqh.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bjubkihu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdrclpty.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vopgfyyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vrrvhila.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lfkknato.0ll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yqiuoarl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\003CA321.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\0038ED0F.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\NavigationTool\NavigationTool.dat (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\NavigationTool\pcre3.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\NavigationTool\uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM3340f74a.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM3340f74a.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
voila mon dernier rapport
désolée de ne pas m'y connaitre en informatique!!!
0
Réponse 7 / 24
vanina
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:58, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\windows\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\windows\system32\RunDll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\windows\system32\rundll32.exe
C:\windows\system32\Rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Documents and Settings\vanina\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Documents and Settings\vanina\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Orange\browser\browser.exe
C:\Program Files\Trend Micro\lalala\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MySight 2006 BS Check&Random] C:\Program Files\MySight 2006\quickbs.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [BM3340f74a] Rundll32.exe "C:\windows\system32\hnwlvvfq.dll",s
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\vanina\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp.photoprintit.de/microsite/9358/defaults/activex/IPSUploader.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fotodiscount.com/infos/migration.cfm
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 8 / 24
raphy00 Messages postés 1112 Statut Membre 9
 
Re,

Il est toujours pas parti..

Va la :

C:\Program Files\Trend Micro\lalala\HijackThis.exe

Renommes HijackThis.exe en bb.exe.

Ensuite tu repostes un rapport HijackThis.
0
Réponse 9 / 24
vanina
 
merci pour ta patience!! voila le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:28, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\windows\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\windows\system32\svchost.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\windows\system32\RunDll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Documents and Settings\vanina\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Documents and Settings\vanina\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Trend Micro\lalala\bb.exe
C:\Program Files\Orange\browser\browser.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MySight 2006 BS Check&Random] C:\Program Files\MySight 2006\quickbs.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\vanina\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour.fr/
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/binary/MJSS.cab69309.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp.photoprintit.de/microsite/9358/defaults/activex/IPSUploader.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fotodiscount.com/infos/migration.cfm
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
Réponse 10 / 24
raphy00 Messages postés 1112 Statut Membre 9
 
Relance HijackThis, coche ces lignes et clique en bas sur fix checked :

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Iminent.SearchTheWeb.HelperObject - {0E896FCA-D07E-45FE-901F-6A26FCF59C02} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe



Ensuite :

Télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\NeroCheck.exe

Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

Il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

3. Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur Parcourir et cherche ce fichier : C:\WINDOWS\system32\dllhost.exe

Clique sur Send File.

Tu devras surement patienter, il y a toujours une file d'attente.
Un rapport va s'élaborer ligne à ligne.

Attends la fin. Tu dois voir la mention Finished sur la droite.
Le rapport doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie/colle le dans ta prochaine réponse.

Si VirusTotal indique que le fichier a déjà été analysé, cliquer sur le bouton Reanalyse le fichier maintenant.
=======================================

Tu peux demander l'analyse de plusieurs fichiers, mais il faut en envoyer un a la fois
0
Réponse 11 / 24
vanina
 
C:\WINDOWS\system32\NeroCheck.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08292008_193659
0
Réponse 12 / 24
raphy00 Messages postés 1112 Statut Membre 9
 
Ok.

Virus Total maintenant.
0
Réponse 13 / 24
vanina
 
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.29.0 2008.08.29 -
AntiVir 7.8.1.23 2008.08.29 -
Authentium 5.1.0.4 2008.08.29 -
Avast 4.8.1195.0 2008.08.29 -
AVG 8.0.0.161 2008.08.29 -
BitDefender 7.2 2008.08.29 -
CAT-QuickHeal 9.50 2008.08.29 -
ClamAV 0.93.1 2008.08.29 -
DrWeb 4.44.0.09170 2008.08.29 -
eSafe 7.0.17.0 2008.08.28 -
eTrust-Vet 31.6.6056 2008.08.29 -
Ewido 4.0 2008.08.29 -
F-Prot 4.4.4.56 2008.08.29 -
Fortinet 3.14.0.0 2008.08.29 -
GData 19 2008.08.29 -
Ikarus T3.1.1.34.0 2008.08.29 -
K7AntiVirus 7.10.432 2008.08.29 -
Kaspersky 7.0.0.125 2008.08.29 -
McAfee 5373 2008.08.29 -
Microsoft 1.3807 2008.08.25 -
NOD32v2 3399 2008.08.29 -
Norman 5.80.02 2008.08.29 -
Panda 9.0.0.4 2008.08.29 -
PCTools 4.4.2.0 2008.08.29 -
Prevx1 V2 2008.08.29 -
Rising 20.59.41.00 2008.08.29 -
Sophos 4.33.0 2008.08.29 -
Sunbelt 3.1.1592.1 2008.08.29 -
Symantec 10 2008.08.29 -
TheHacker 6.3.0.6.067 2008.08.29 -
TrendMicro 8.700.0.1004 2008.08.29 -
VBA32 3.12.8.4 2008.08.29 -
ViRobot 2008.8.29.1355 2008.08.29 -
VirusBuster 4.5.11.0 2008.08.29 -
Webwasher-Gateway 6.6.2 2008.08.29 -
Information additionnelle
File size: 5120 bytes
MD5...: d66259c3bcefc9caeb481ed52a4eac74
SHA1..: fae81b118abc7a633c40e50a6a9e6436ab09390e
SHA256: d1121d24ad2c21c9273be0fad3041cae5536d8e5a5978d1e6e4b22745c2ba357
SHA512: 5e8da9e8b0f4bc8cac7eb33d44b571679688a0047610109309b5a608bfdbe1e9
a31f1e33627e4f7e20fec377e81ed98dac09e10751129ae792cd4f38012b7492
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100143c
timedatestamp.....: 0x41107b06 (Wed Aug 04 05:58:30 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9f6 0xa00 6.17 4e00a5f3a4edf025b3c717a0eeda8b83
.data 0x2000 0x3c 0x200 0.20 1b87fa2b9d8767271a0a79f001925632
.rsrc 0x3000 0x3e8 0x400 3.35 b77fdf6bc0b4a29190807eeb465bf889

( 3 imports )
> msvcrt.dll: _controlfp, _except_handler3, _c_exit, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit
> KERNEL32.dll: TerminateProcess, GetStartupInfoA, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, lstrcmpiA, MultiByteToWideChar, GetCurrentProcess, lstrlenA
> ole32.dll: CoRegisterSurrogateEx, CoInitializeEx, CLSIDFromString, CoUninitialize
0
Réponse 14 / 24
raphy00 Messages postés 1112 Statut Membre 9
 
Tu es sure que tu as envoye le fichier ?
0
Réponse 15 / 24
vanina
 
je pense mais je vais réessayer c'est un peu compliqué tout ça pour moi!!!
0
Réponse 16 / 24
vanina
 
VirusTotal - Analyse gratuite en ligne de virus et malwares - Résultat | עברית |
| Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά |
Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski |
Español | English
Virustotal est un service qui analyse les fichiers suspects et facilite
la détection rapide des virus, vers, chevaux de Troie et toutes sortes de
malwares détectés par les moteurs antivirus. Plus d'informations...
Fichier dllhost.exe reçu le 2008.08.29 20:14:53 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente
en cours d'analyse terminé NON TROUVE ARRETE

Résultat: 0/34 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 2.
L'heure estimée de démarrage est entre 42 et 60 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons
attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.

Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé
(position : ) depuis une durée indéfinie.
Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper
votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le
système vous envoie une notification quand l'analyse sera terminée.
Email:

AntivirusVersionDernière mise à jourRésultat
AhnLab-V32008.8.29.02008.08.29-
AntiVir7.8.1.232008.08.29-
Authentium5.1.0.42008.08.29-
Avast4.8.1195.02008.08.29-
AVG8.0.0.1612008.08.29-
BitDefender7.22008.08.29-
CAT-QuickHeal9.502008.08.29-
DrWeb4.44.0.091702008.08.29-
eSafe7.0.17.02008.08.28-
eTrust-Vet31.6.60562008.08.29-
Ewido4.02008.08.29-
F-Prot4.4.4.562008.08.29-
Fortinet3.14.0.02008.08.29-
GData192008.08.29-
IkarusT3.1.1.34.02008.08.29-
K7AntiVirus7.10.4322008.08.29-
Kaspersky7.0.0.1252008.08.29-
McAfee53732008.08.29-
Microsoft1.38072008.08.25-
NOD32v233992008.08.29-
Norman5.80.022008.08.29-
Panda9.0.0.42008.08.29-
PCTools4.4.2.02008.08.29-
Prevx1V22008.08.29-
Rising20.59.41.002008.08.29-
Sophos4.33.02008.08.29-
Sunbelt3.1.1592.12008.08.29-
Symantec102008.08.29-
TheHacker6.3.0.6.0672008.08.29-
TrendMicro8.700.0.10042008.08.29-
VBA323.12.8.42008.08.29-
ViRobot2008.8.29.13552008.08.29-
VirusBuster4.5.11.02008.08.29-
Webwasher-Gateway6.6.22008.08.29-
Information additionnelle
File size: 5120 bytes
MD5...: d66259c3bcefc9caeb481ed52a4eac74
SHA1..: fae81b118abc7a633c40e50a6a9e6436ab09390e
SHA256: d1121d24ad2c21c9273be0fad3041cae5536d8e5a5978d1e6e4b22745c2ba357
SHA512: 5e8da9e8b0f4bc8cac7eb33d44b571679688a0047610109309b5a608bfdbe1e9
a31f1e33627e4f7e20fec377e81ed98dac09e10751129ae792cd4f38012b7492
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100143c
timedatestamp.....: 0x41107b06 (Wed Aug 04 05:58:30 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9f6 0xa00 6.17 4e00a5f3a4edf025b3c717a0eeda8b83
.data 0x2000 0x3c 0x200 0.20 1b87fa2b9d8767271a0a79f001925632
.rsrc 0x3000 0x3e8 0x400 3.35 b77fdf6bc0b4a29190807eeb465bf889

( 3 imports )
> msvcrt.dll: _controlfp, _except_handler3, _c_exit, __set_app_type,
__p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm,
__getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit
> KERNEL32.dll: TerminateProcess, GetStartupInfoA, GetModuleHandleA,
SetUnhandledExceptionFilter, UnhandledExceptionFilter,
GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId,
GetTickCount, QueryPerformanceCounter, lstrcmpiA, MultiByteToWideChar,
GetCurrentProcess, lstrlenA
> ole32.dll: CoRegisterSurrogateEx, CoInitializeEx, CLSIDFromString,
CoUninitialize

( 0 exports )

ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il
n'y a aucune garantie quant à la disponibilité et la continuité de ce service.
Bien que le taux de détection permis par l'utilisation de multiples moteurs
antivirus soit bien supérieur à celui offert par seulement un produit, ces
résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a
actuellement aucune solution qui offre un taux d'efficacité de 100% pour la
détection des virus et malwares. VirusTotal © Hispasec Sistemas - Blog -
Contact: info@virustotal.com - Terms of Service & Privacy Policy

voila je pense que tout est la
0
Réponse 17 / 24
vanina
 
est ce que quelqu'un peu reprendre mes analyses, raphy00 est parti et je ne sais pas si mes résultats sont bons
merci
0
Réponse 18 / 24
raphy00 Messages postés 1112 Statut Membre 9
 
Re,

J'avais de;ande de l'aide mais apperemment personne n'a reagi.

Je ne suis pas sur de pouvoir vous repondre puisque je partage la salle internet d'un internat...

Bref, as tu d'autres problemes a present ?
0
Réponse 19 / 24
vanina
 
il ne me semble pas mais il rester le dernier rapport de virus total a vérifier, merci et bonne chance dans ton internat!!!
0
Réponse 20 / 24
raphy00 Messages postés 1112 Statut Membre 9
 
Re,

Le rapport virus total est bon.
Sur le site, onglet telecharger, tu telecharges un anti virus, un anti spywares et un firewall.
C'est le minimum.

@+

0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Problém affichage du tableau croisé dynamique
BK -
Raymond PENTIER -

2 réponses
Theme de rapport de stage option comptabilité
sana saydou -
Raymond PENTIER -

2 réponses