Aide contre mon virus

Résolu
X-evil Messages postés 10 Statut Membre -  
dou-l Messages postés 2871 Statut Membre -
Bonjour, Je me suis inscrit sur le forum pour avoir vos solutions contre un virus tenace sur mon ordi, j'ai réussi à me débarrasser de plusieurs virus avant mais celui-ci reste. Il y a d'abord 3 liens internet qui s'affichent sur mon bureau et reviennent, meme après suppression, sur mon bureau quand je redémarre mon ordi. Puis en plus des differents messages d'info qui saffichent sans arret(pour un logiciel antivirus payant bien sur ^^) j'ai une phrase "VIRUS ALERT!" qui s'affiche a coté de l'heure dans la barre d'outils et qui s'incruste aussi dans les dossier à coté de l'heure. C'est pas fini puisque dans le menu démarrer, "tous les programmes" a disparu ainsi que les liens dans la colonne de droite (panneau de config, poste de travail,....) Bien sur clik-droit+propriétés et je restaure les liens mais ca ne marche pas avec le menu "tous les programmes"... Enfin, il désactive mon accession au registre (je sais comment le restaurer mais ca repart une fois que je redemarre mon ordi) ainsi que le panneau de confi Affichage. Voila pour les problèmes ^^"

J'ai utilisé SmitFraudFix mais ça n'a eu aucun effet (contrairement aux autres fois) et après avoir lu quelques sujets je crois qu'il faut que je vous donne mon rapport HiJackThis, que voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31: VIRUS ALERT!, on 19/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\fast.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\jklyzmhy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Propriétaire.NOM-W8KZ05N5F7S.001\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: rosqxvmn - {DD75AB82-CBE3-4096-825E-C24BFA82B5FF} - C:\WINDOWS\rosqxvmn.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [monutilsys] C:\WINDOWS\system32\jklyzmhy.exe
O4 - HKLM\..\Policies\Explorer\Run: [atyDWS16si] C:\DOCUME~1\PROPRI~1.001\LOCALS~1\Temp\pwrmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: NameServer = 85.255.115.157,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: NameServer = 85.255.115.157,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: NameServer = 85.255.115.157,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: NameServer = 85.255.115.157,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC29DC14-E86F-47F2-BA64-8FE73568F8BF}: NameServer = 85.255.115.157,85.255.112.14
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.14
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.157 85.255.112.14
O21 - SSODL: qrbgltos - {A810EE66-F04B-4B4E-88A6-079C2F0CA925} - C:\WINDOWS\qrbgltos.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe

--
End of file - 12305 bytes


Je suis ouvert à vos interrogations si il y a un manque d'infos et j'espère un lendemain meilleur ^^ merci
Configuration: Windows XP
Mozilla Firefox 3.0 Internet Explorer 7.0

12 réponses

  1. X-evil Messages postés 10 Statut Membre 7
     
    Incroyable O_o j'avais autant de virus sur mon ordi... Un grand merci à toi \o/ mon ordi est purifié, en fait j'était nul en la matière on dirait ^^

    En tout cas voici le rapport SmitFraudFix avant :
    SmitFraudFix v2.363

    Rapport fait à 21:36:19,84, 19/10/2008
    Executé à partir de C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\fast.exe
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\jklyzmhy.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1.001\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="wbsys.dll"
    "LoadAppInit_DLLs"=dword:00000001

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

    Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 85.255.115.157
    DNS Server Search Order: 85.255.112.14

    Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

    Description: 802.11g USB 2.0 adapter #3 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 85.255.115.157
    DNS Server Search Order: 85.255.112.14

    Description: 802.11g USB 2.0 adapter #3 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{0ED8DEB0-E93C-46B9-A039-84C3E7E81025}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E827B888-E1B1-4172-8C19-3E611A4DFBB0}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC29DC14-E86F-47F2-BA64-8FE73568F8BF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{0ED8DEB0-E93C-46B9-A039-84C3E7E81025}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E827B888-E1B1-4172-8C19-3E611A4DFBB0}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC29DC14-E86F-47F2-BA64-8FE73568F8BF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{0ED8DEB0-E93C-46B9-A039-84C3E7E81025}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E827B888-E1B1-4172-8C19-3E611A4DFBB0}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC29DC14-E86F-47F2-BA64-8FE73568F8BF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.157 85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.157 85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.157 85.255.112.14

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    1
  2. X-evil Messages postés 10 Statut Membre 7
     
    Incroyable O_o j'avais autant de virus sur mon ordi... Un grand merci à toi \o/ mon ordi est purifié, en fait j'était nul en la matière on dirait ^^

    En tout cas voici le rapport SmitFraudFix avant :
    SmitFraudFix v2.363

    Rapport fait à 21:36:19,84, 19/10/2008
    Executé à partir de C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\fast.exe
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\jklyzmhy.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1.001\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="wbsys.dll"
    "LoadAppInit_DLLs"=dword:00000001

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

    Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 85.255.115.157
    DNS Server Search Order: 85.255.112.14

    Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

    Description: 802.11g USB 2.0 adapter #3 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 85.255.115.157
    DNS Server Search Order: 85.255.112.14

    Description: 802.11g USB 2.0 adapter #3 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{0ED8DEB0-E93C-46B9-A039-84C3E7E81025}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E827B888-E1B1-4172-8C19-3E611A4DFBB0}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC29DC14-E86F-47F2-BA64-8FE73568F8BF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{0ED8DEB0-E93C-46B9-A039-84C3E7E81025}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E827B888-E1B1-4172-8C19-3E611A4DFBB0}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC29DC14-E86F-47F2-BA64-8FE73568F8BF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{0ED8DEB0-E93C-46B9-A039-84C3E7E81025}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E827B888-E1B1-4172-8C19-3E611A4DFBB0}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC29DC14-E86F-47F2-BA64-8FE73568F8BF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.157 85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.157 85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.157 85.255.112.14

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    1
  3. X-evil Messages postés 10 Statut Membre 7
     
    Incroyable O_o j'avais autant de virus sur mon ordi... Un grand merci à toi \o/ mon ordi est purifié, en fait j'était nul en la matière on dirait ^^

    En tout cas voici le rapport SmitFraudFix avant :
    SmitFraudFix v2.363

    Rapport fait à 21:36:19,84, 19/10/2008
    Executé à partir de C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\fast.exe
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\jklyzmhy.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1.001\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="wbsys.dll"
    "LoadAppInit_DLLs"=dword:00000001

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

    Description: VIA Rhine II Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 85.255.115.157
    DNS Server Search Order: 85.255.112.14

    Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

    Description: 802.11g USB 2.0 adapter #3 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 85.255.115.157
    DNS Server Search Order: 85.255.112.14

    Description: 802.11g USB 2.0 adapter #3 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{0ED8DEB0-E93C-46B9-A039-84C3E7E81025}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E827B888-E1B1-4172-8C19-3E611A4DFBB0}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC29DC14-E86F-47F2-BA64-8FE73568F8BF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{0ED8DEB0-E93C-46B9-A039-84C3E7E81025}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E827B888-E1B1-4172-8C19-3E611A4DFBB0}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC29DC14-E86F-47F2-BA64-8FE73568F8BF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{0ED8DEB0-E93C-46B9-A039-84C3E7E81025}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{824BEFB0-3F38-4253-A268-9BAB66F891DB}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{ADA14BA9-4FD7-4BDF-8447-94501837DFEF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: DhcpNameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E6C92049-BB3B-40C7-A777-131AE84388B0}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E827B888-E1B1-4172-8C19-3E611A4DFBB0}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{EC29DC14-E86F-47F2-BA64-8FE73568F8BF}: NameServer=85.255.115.157,85.255.112.14
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.157 85.255.112.14
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.157 85.255.112.14
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.157 85.255.112.14

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    1
  4. X-evil Messages postés 10 Statut Membre 7
     
    Et le rapport MalwareBytes après nettoyage :
    Malwarebytes' Anti-Malware 1.29
    Version de la base de données: 1290
    Windows 5.1.2600 Service Pack 2

    20/10/2008 00:25:54
    mbam-log-2008-10-20 (00-25-54).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 215758
    Temps écoulé: 2 hour(s), 32 minute(s), 11 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 32
    Valeur(s) du Registre infectée(s): 8
    Elément(s) de données du Registre infecté(s): 41
    Dossier(s) infecté(s): 5
    Fichier(s) infecté(s): 71

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\qrbgltos.dll (Trojan.FakeAlert) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{d47e05ee-7a24-453d-ac6a-401001315c21} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{a59b69e2-43de-4308-9097-ca6d83bd71ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{dd75ab82-cbe3-4096-825e-c24bfa82b5ff} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{955bd27e-189f-41c3-b2bb-8a9932009837} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a810ee66-f04b-4b4e-88a6-079c2f0ca925} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rosqxvmn.btsx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\rosqxvmn.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\monutilsys (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{dd75ab82-cbe3-4096-825e-c24bfa82b5ff} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\qrbgltos (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55639-OEM-0011903-00106) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157 85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0ed8deb0-e93c-46b9-a039-84c3e7e81025}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4cf14a98-f6fd-48cd-beb6-1ee6aad84220}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{824befb0-3f38-4253-a268-9bab66f891db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{824befb0-3f38-4253-a268-9bab66f891db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ada14ba9-4fd7-4bdf-8447-94501837dfef}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ada14ba9-4fd7-4bdf-8447-94501837dfef}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e6c92049-bb3b-40c7-a777-131ae84388b0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e6c92049-bb3b-40c7-a777-131ae84388b0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ec29dc14-e86f-47f2-ba64-8fe73568f8bf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157 85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0ed8deb0-e93c-46b9-a039-84c3e7e81025}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4cf14a98-f6fd-48cd-beb6-1ee6aad84220}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{824befb0-3f38-4253-a268-9bab66f891db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{824befb0-3f38-4253-a268-9bab66f891db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ada14ba9-4fd7-4bdf-8447-94501837dfef}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ada14ba9-4fd7-4bdf-8447-94501837dfef}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e6c92049-bb3b-40c7-a777-131ae84388b0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e6c92049-bb3b-40c7-a777-131ae84388b0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ec29dc14-e86f-47f2-ba64-8fe73568f8bf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157 85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0ed8deb0-e93c-46b9-a039-84c3e7e81025}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{4cf14a98-f6fd-48cd-beb6-1ee6aad84220}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{824befb0-3f38-4253-a268-9bab66f891db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{824befb0-3f38-4253-a268-9bab66f891db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ada14ba9-4fd7-4bdf-8447-94501837dfef}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ada14ba9-4fd7-4bdf-8447-94501837dfef}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e6c92049-bb3b-40c7-a777-131ae84388b0}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{e6c92049-bb3b-40c7-a777-131ae84388b0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ec29dc14-e86f-47f2-ba64-8fe73568f8bf}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.157,85.255.112.14 -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.36.0 (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\jklyzmhy.exe (Trojan.FakeAlert.H) -> Delete on reboot.
    C:\System Volume Information\_restore{71098F3C-A1EB-4A91-B548-B2C12F310422}\RP621\A0107455.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{71098F3C-A1EB-4A91-B548-B2C12F310422}\RP621\A0107458.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{71098F3C-A1EB-4A91-B548-B2C12F310422}\RP621\A0107460.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{71098F3C-A1EB-4A91-B548-B2C12F310422}\RP621\A0107462.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{71098F3C-A1EB-4A91-B548-B2C12F310422}\RP621\A0107464.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{71098F3C-A1EB-4A91-B548-B2C12F310422}\RP621\A0107465.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{71098F3C-A1EB-4A91-B548-B2C12F310422}\RP621\A0107467.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{71098F3C-A1EB-4A91-B548-B2C12F310422}\RP621\A0107470.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{71098F3C-A1EB-4A91-B548-B2C12F310422}\RP621\A0107471.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{71098F3C-A1EB-4A91-B548-B2C12F310422}\RP621\A0107474.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.36.0\HostOE.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.36.0\ZangoSAAX.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\Program Files\Zango\bin\10.3.36.0\ZangoSAHook.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\WINDOWS\rosqxvmn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\qrbgltos.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\RECYCLER\Q678341.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xeoqzlxa_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xeoqzlxa_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. dou-l Messages postés 2871 Statut Membre 61
     
    Un nouveau hijackthis stp et évite de mettre les rapport en italique stp merci
    1
  7. X-evil Messages postés 10 Statut Membre 7
     
    Ok désolé je savais pas pour le texte en italique ^^"

    Voila ce que ça donne :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:35:20, on 20/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\fast.exe
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\eMule\emule.exe
    C:\Documents and Settings\Propriétaire.NOM-W8KZ05N5F7S.001\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe
    O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
    O4 - HKLM\..\Policies\Explorer\Run: [atyDWS16si] C:\DOCUME~1\PROPRI~1.001\LOCALS~1\Temp\pwrmgr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
    1
  8. dou-l Messages postés 2871 Statut Membre 61
     
    Rends toi sur ce site :

    https://www.virustotal.com/gui/

    Clique sur parcourir et cherche ce fichier:

    C:\WINDOWS\vsnpstd2.exe

    Un rapport va s'élaborer ligne à ligne.

    Attends la fin. Il doit comprendre le nom du fichier envoyé.

    Sauvegarde le rapport avec le bloc-note.

    Copie le dans ta réponse.
    1
  9. X-evil Messages postés 10 Statut Membre 7
     
    Il m'affiche ceci :

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 - - -
    AntiVir - - -
    Authentium - - -
    Avast - - -
    AVG - - -
    BitDefender - - -
    CAT-QuickHeal - - -
    ClamAV - - -
    DrWeb - - -
    eSafe - - -
    eTrust-Vet - - -
    Ewido - - -
    F-Prot - - -
    F-Secure - - Suspicious:W32/Botter.a!Gemini
    Fortinet - - -
    GData - - -
    Ikarus - - -
    K7AntiVirus - - -
    Kaspersky - - -
    McAfee - - -
    Microsoft - - -
    NOD32 - - -
    Norman - - -
    Panda - - -
    PCTools - - -
    Prevx1 - - -
    Rising - - -
    SecureWeb-Gateway - - -
    Sophos - - -
    Sunbelt - - -
    Symantec - - -
    TheHacker - - -
    TrendMicro - - -
    VBA32 - - -
    ViRobot - - -
    VirusBuster - - -
    Information additionnelle
    MD5: 1d7fece22af800c2a4953c10264d680e
    SHA1: bf56588698d0a6ab3bfc920818178fa7e3caa639
    SHA256: 6deba84b2295c55fdf90daaffaa988735f155a740f4f5f402d4bc94ed22b28f7
    SHA512: da6b75e75b504064076ed5bf87fa7d3497d6272f527ab9e3b92733ca56313092659b41929488504f607a14a83f340ffde03e70a1b4e1ac2794b7099aa6693ae1
    1
  10. dou-l Messages postés 2871 Statut Membre 61
     
    moé :

    Pour etre sur qu'il n y est plus rien :

    un scan smifraud option 1 stp
    1
  11. X-evil Messages postés 10 Statut Membre 7
     
    ça me donne ça, encore merci d'avoir résolu mes problemes :

    SmitFraudFix v2.363

    Rapport fait à 21:54:56,42, 20/10/2008
    Executé à partir de C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
    C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
    C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Inventel\Gateway\wlancfg.exe
    C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
    C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
    C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
    C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\fast.exe
    C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
    C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
    C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire.NOM-W8KZ05N5F7S.001\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1.001\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="wbsys.dll"
    "LoadAppInit_DLLs"=dword:00000001

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: 802.11g USB 2.0 adapter #3 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 0.0.0.0

    Description: 802.11g USB 2.0 adapter #3 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4CF14A98-F6FD-48CD-BEB6-1EE6AAD84220}: DhcpNameServer=192.168.1.1 0.0.0.0

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    1
  12. dou-l Messages postés 2871 Statut Membre 61
     
    ok

    Fait un scan bitdefender en ligne ---> ici
    1
  13. dou-l Messages postés 2871 Statut Membre 61
     
    salut,

    télécharge smitfraudfix :

    # Double clique sur l'icone de smitfraud pui choisis l'option 1 et poste le rapport.

    puis,

    Telecharge malwarebytes

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    Je revien demin après midi @+
    -1