Rond rouge avc une croix dedans

coucky -  
 Utilisateur anonyme -
Bonjour,

Depui 3 jour est arrivé ds la barre en bas (excusez moi je n'y connais rien, maman et enfants en vacances) un rond rouge avec une crois blche dedans et une fenetre qui s'ouvre tout le temps me disant que l'ordi est ifecté et qu'il est recommandé d'installer anti spyware tool etc... et si ça demarre c'est XP antispireware2009 install qui demarre , j'installe ou pas ?
Configuration: Windows XP
Internet Explorer 6.0

67 réponses

  • 1
  • 2
  • 3
  • 4
Résumé de la discussion

La discussion porte sur une infection sous Windows XP affichant un rond rouge avec une croix et des fenêtres d’alerte anti-spyware, avec un démarrage automatique d’un logiciel supposément malveillant.
Plusieurs approches sont proposées, notamment Malwarebytes' Anti-Malware et SmitfraudFix en mode sans échec pour nettoyer les fichiers infectés et générer des rapports, puis vérifier le registre et les paramètres.
Des réponses insistent aussi sur des outils comme HijackThis pour identifier les objets suspects et sur l’importance de redémarrer en mode sans échec et d’utiliser des rapports pour orienter l’action.
En cas de doute, certaines contributions mettent en garde contre des faux positifs et recommandent de lire les tutoriels et de ne pas exécuter directement des outils sans avis compétent.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    Salut,

    Alors tu es trés infecter comme la dit gorginho.

    Notamment le trojan "vundo et pour éradiquer tout tes virus il faudra écouter personne d'autres.

    Commence par relancer malwarebyte et vide la quarantaine.UN TUTO ET A ETAIT MIT SERT TOI EN.

    Ensuite fait ceci STP.

    merci
    installe [- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe smitfraudfix]

    #1) Recherche:

    * Double cliquer sur SmitfraudFix.exe

    * Sélectionner 1 et pressez Entrée dans le menu pour créer un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque système

    C:\rapport.txt

    ==>et colle le rapport génèrer sur le forum.

    *=>ne pas faire l'option 2 sans un avis d'une personne compétente*<=
    1
  2. Utilisateur anonyme
     
    Re,

    Un tuto est enfait une explication du logiciel que tu va utiliser.

    Maintenant fait ceci:

    2) Nettoyage:

    * Redemarrer l'ordinateur en mode sans échec:

    * Double cliquer sur smitfraudix:

    * Sélectionner 2 et pressez<gras> Entrée dans le menu pour supprimer les fichiers responsables de l'infection.

    * A la question: Voulez-vous nettoyer le registre ?<gras> répondre O (oui) et pressez Entrée afin de débloquer le fond d'écran et supprimer les clés de registre de l'infection
    :.

    * Le fix déterminera si le fichier wininet.dll est infecté. A la question: Corriger le fichier infecté ? répondre O (oui) et pressez Entrée pour remplacer le fichier corrompu:.

    * Un redemarrage sera peut être necessaire pour terminer la procedure de nettoyage. Le rapport se trouve à la racine du disque système C:\rapport.txt:

    Option::

    * Pour effacer la liste des sites de confiance et sensibles, sélectionner 3 et pressez Entrée dans le menu.

    * A la question: Réinitialiser la liste des sites de confiance et sensibles ? répondre O (oui) et pressez Entrée afin de restaurer les zones de confiances et sensibles:.

    :FAUX POSITIF::

    process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    1
    1. coucky
       
      je n'arrive pas a enoyer le rapport, sa afait le nettoyage et l'ordi a redemarré avant la quetion de corriger le fichier infecté, cela fait dix fois que j'envoie le rapport qui est tres long, deja voir si ce message passe
      0
  3. Tigras
     
    Bonjour,

    N'installe surtout pas !! C'est un trojan qui peux foutre en l'air tout ton PC en un clic, j'en ai fais l'experience a moitié

    Télécharge HijackThis et fais un rapport ici, après je ne peux pas t'aider désolé je n'y connais rien en infections

    Bonne chance
    0
    1. coucky
       
      merci et je ne sais pas ce que c'est ce hijack this mais bon je ne repondrais pas pas mais comment le supprimer car ce truc apparait tt le temps
      0
    2. coucky
       
      merci mais highjack this je ne sais meme pas ce que sais, comment je peux enlever ce truc qui apparait tout le temps
      0
  4. Utilisateur anonyme
     
    Salut,

    =>>Pour désactiver la restauration système dans windows XP, cliquez sur :
    Démarrer => Panneau de configuration => Système => onglet restauration du système et cocher la case :

    télécharge hijackthis
    -> enregistre la cible sous .... "le bureau"

    ->renommer hijackthis en faisant comme suit:Fais un clic droit sur hijackthis, choisis "renommer" marque : ABCD.exe

    -> Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

    -> Clique sur Install ensuite sur "I Accept"

    -> Clique sur" Do a scan system and save log file"

    -> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

    =><Avant tout emploi de logiciel, s’assurer que les protections de registres tel que le Tea Timer de spybot sont désactivées (notamment lors de l’emploi d’HijackThis)
    Spybot >mode avancé> outils > résident
    Décocher la case résident "tea timer"

    Refermer Spybot.
    ==============================POUR VISTA==================================
    =>< Désactive le « contrôle des comptes utilisateurs = UAC »
    (tu le réactiveras après ta désinfection): Ne pas oublier !!
    Désactiver l'UAC est nécessaire pour pouvoir faire fonctionner certains programmes sous Vista.
    comment désactiver l'UAC
    - Vas dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    =><><Désactiver la restauration système
    0
    1. coucky
       
      voila c'est compliqué pour moi mais voici le bloc noteLogfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:00:36, on 01/11/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
      C:\Program Files\OneStep\onestep.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\OneStep\onestep.exe
      C:\Program Files\Creative\ShareDLL\CtNotify.exe
      C:\WINDOWS\vVX1000.exe
      C:\Program Files\Orange HSS\Systray\SystrayApp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      C:\Program Files\Creative\ShareDLL\MediaDet.Exe
      C:\WINDOWS\system32\devldr32.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\brastk.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Orange HSS\Launcher\Launcher.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\documents and settings\nathalie\local settings\application data\aoycu.exe
      C:\Program Files\Orange HSS\Deskboard\deskboard.exe
      C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
      C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
      C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
      C:\Program Files\Orange HSS\browser\browser.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
      R3 - URLSearchHook: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
      O3 - Toolbar: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
      O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\07CAA918.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
      O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
      O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
      O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
      O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\THUNK ABOUT.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [brastk] brastk.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [5c04344f] rundll32.exe "C:\WINDOWS\system32\akimbdfj.dll",b
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [messengerskinner] C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [keuik] "c:\documents and settings\nathalie\local settings\application data\keuik.exe" keuik
      O4 - HKCU\..\Run: [ckggiim] "c:\documents and settings\nathalie\local settings\application data\ckggiim.exe" ckggiim
      O4 - HKCU\..\Run: [aoycu] "c:\documents and settings\nathalie\local settings\application data\aoycu.exe" aoycu
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\yos hurtado\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: https://www.orange.fr/portail
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O20 - AppInit_DLLs: C:\WINDOWS\system32\karna.dat
      O21 - SSODL: pkMXrrFog - {5C0434E1-F6AE-9E4B-A8B3-229277981D42} - C:\WINDOWS\system32\mmuod.dll
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Program Files\OneStep\onestep.exe
      0
    2. coucky
       
      voila c'est compliqué pour moi mais voici le bloc noteLogfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:00:36, on 01/11/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
      C:\Program Files\OneStep\onestep.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\OneStep\onestep.exe
      C:\Program Files\Creative\ShareDLL\CtNotify.exe
      C:\WINDOWS\vVX1000.exe
      C:\Program Files\Orange HSS\Systray\SystrayApp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      C:\Program Files\Creative\ShareDLL\MediaDet.Exe
      C:\WINDOWS\system32\devldr32.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\brastk.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Orange HSS\Launcher\Launcher.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\documents and settings\nathalie\local settings\application data\aoycu.exe
      C:\Program Files\Orange HSS\Deskboard\deskboard.exe
      C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
      C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
      C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
      C:\Program Files\Orange HSS\browser\browser.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
      R3 - URLSearchHook: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
      O3 - Toolbar: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
      O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\07CAA918.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
      O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
      O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
      O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
      O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\THUNK ABOUT.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [brastk] brastk.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [5c04344f] rundll32.exe "C:\WINDOWS\system32\akimbdfj.dll",b
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [messengerskinner] C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [keuik] "c:\documents and settings\nathalie\local settings\application data\keuik.exe" keuik
      O4 - HKCU\..\Run: [ckggiim] "c:\documents and settings\nathalie\local settings\application data\ckggiim.exe" ckggiim
      O4 - HKCU\..\Run: [aoycu] "c:\documents and settings\nathalie\local settings\application data\aoycu.exe" aoycu
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\yos hurtado\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: https://www.orange.fr/portail
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O20 - AppInit_DLLs: C:\WINDOWS\system32\karna.dat
      O21 - SSODL: pkMXrrFog - {5C0434E1-F6AE-9E4B-A8B3-229277981D42} - C:\WINDOWS\system32\mmuod.dll
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Program Files\OneStep\onestep.exe
      0
    3. coucky
       
      ben alors
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. coucky
     
    ca ma l'air bien compliqué mais je vais essayer
    0
  7. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    Salut !

    En attendant goldorak59

    MessengerSkinner = programme gratuit qui installe un adware.

    Tu est infecté par L'adware NAVIPROMO ( entre autres cochonneries )

    C"est un adware succeptible d'ouvrir des popups de publicités.
    Il est connu pour afficher des popups de pub pornographiques
    Des popup d'alertes pour les antivirus WinantivirusPro, Drive Cleaner, NaviSearch, serwab, Spyware-Secure ou System Doctor

    Adware.Magic.Control utilise des techniques de rootkit, ce qui le rend difficile à supprimer. Beaucoup d'antispyware ne sont pas capable de le supprimer.

    Cet adware est installé par les programmes :

    * go-astro
    * GoRecord
    * HotTVPlayer / HotTVPlayer & Paris Hilton
    * Live-Player
    * MailSkinner
    * Messenger Skinner
    * Instant Access
    * InternetGameBox
    * Officiale Emule (Version d'Emule modifiée)
    * Sudoplanet
    * Webmediaplayer
    * Sur le site www.games-desktop.com (n'allez pas dessus!!)

    Télécharge Navilog1.exe << ICI

    Note : Si, lors du téléchargement, ton Antivirus fais une alerte, ignore-là, un composant de Navilog1 est détecté par certains AntiVirus comme étant un Malware .
    Ce n'en est nullement un !


    * Choisis Enregistrer sous.... et enregistre-le sur ton bureau.
    * Ensuite double clique sur navilog1.exe pour lancer l'installation.
    * Une fois l'installation terminée,

    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    Laisse-toi guider. Au menu principal, choisis 1 et valide.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

    *
    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    * Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    * Copie-colle l'intégralité du rapport dans ta réponse.
    Referme le blocnote.

    * Le rapport est en outre sauvegardé à la racine du disque C:\ (fixnavi.txt)

    Copie/colle le ici dans ta prochaine réponse stp.

    @+
    0
    1. coucky
       
      navilog a ete enregistré sur le bureau mais rien ne se passe et je n'arrive pas a l'ouvrir
      0
  8. coucky
     
    je n'arrive pas a ouvrir navilog
    0
    1. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
       
      Bon, on fait autrement :

      Je vois que tu as Malwarebytes' Anti-Malware

      Double clique sur l'icone de MBAM, puis sur l'onglet
      Clique sur " rechercher des mises a jour "
      ( voir image =>http://cjoint.com/data/lbx0AzqdZX.htm
      Patiente le temps que la màj se fasse.
      Dès que c'est ok, fait ce qui suit :

      * Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

      MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

      A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

      * Si des malwares ont été détectés, leur liste s'affiche.

      Coche tous les éléments détectés par Malwarebytes' Anti-Malware puis clique sur Supprimer la sélection afin d'éradiquer les malwares détectés.
      /!\ (a faire impérativement sous peine de recommencer le scan) /!\ , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.


      MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

      Ferme MBAM en cliquant sur Quitter.

      Poste le rapport dans ta réponse

      Tutoriel
      Un autre si tu as besoin d'aide.
      0
      1. coucky > jorginho67 Messages postés 15447 Statut Contributeur sécurité
         
        Voila en fait sa fait +de 4 heures que j'essaie de resoudre ce probleme, je t'envoie mon rapport de malwarebytes mais heureusement que l'ordi marchouille car la je cale, merci quand même, mais c'est pas l'analyse complète, là je n'ai plus le temps de tout refaire.
        Nathalie
        Malwarebytes' Anti-Malware 1.28
        Version de la base de données: 1169
        Windows 5.1.2600 Service Pack 2

        31/10/2008 11:41:06
        mbam-log-2008-10-31 (11-41-06).txt

        Type de recherche: Examen rapide
        Eléments examinés: 73905
        Temps écoulé: 29 minute(s), 58 second(s)

        Processus mémoire infecté(s): 1
        Module(s) mémoire infecté(s): 3
        Clé(s) du Registre infectée(s): 9
        Valeur(s) du Registre infectée(s): 4
        Elément(s) de données du Registre infecté(s): 2
        Dossier(s) infecté(s): 3
        Fichier(s) infecté(s): 42

        Processus mémoire infecté(s):
        C:\documents and settings\Nathalie\local settings\application data\qyswyoc.exe (Adware.Navipromo.H) -> Unloaded process successfully.

        Module(s) mémoire infecté(s):
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> Delete on reboot.

        Clé(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfdusme (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

        Valeur(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04344f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qyswyoc (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> Delete on reboot.

        Elément(s) de données du Registre infecté(s):
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> Delete on reboot.

        Dossier(s) infecté(s):
        C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.

        Fichier(s) infecté(s):
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\WHhNqBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\WHhNqBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\efcCsrqo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\oqrsCcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\oqrsCcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\ccirioqf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\juamgble.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\elbgmauj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\lecbghyg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\gyhgbcel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\pdpwdehv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\vhedwpdp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\xkfyryhk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\khyryfkx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
        C:\WINDOWS\system32\ljJBsSLD.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ljJDVmnm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ssqPGWQg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\geBsrRkj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\nnnopoPh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\yos hurtado\Local Settings\Temporary Internet Files\Content.IE5\YPYFGNWV\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Temporary Internet Files\Content.IE5\0X2FGHMN\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\OiUninstaller.exe (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\outerinfo.ico (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\jkkHWMdd.dll (Trojan.Vundo) -> Delete on reboot.
        C:\WINDOWS\system32\ddcYSLee.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

        bloc notes

        Malwarebytes' Anti-Malware 1.28
        Version de la base de données: 1169
        Windows 5.1.2600 Service Pack 2

        31/10/2008 11:40:41
        mbam-log-2008-10-31 (11-40-29).txt

        Type de recherche: Examen rapide
        Eléments examinés: 73905
        Temps écoulé: 29 minute(s), 58 second(s)

        Processus mémoire infecté(s): 1
        Module(s) mémoire infecté(s): 3
        Clé(s) du Registre infectée(s): 9
        Valeur(s) du Registre infectée(s): 4
        Elément(s) de données du Registre infecté(s): 2
        Dossier(s) infecté(s): 3
        Fichier(s) infecté(s): 42

        Processus mémoire infecté(s):
        C:\documents and settings\Nathalie\local settings\application data\qyswyoc.exe (Adware.Navipromo.H) -> No action taken.

        Module(s) mémoire infecté(s):
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> No action taken.

        Clé(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> No action taken.
        HKEY_CLASSES_ROOT\CLSID\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfdusme (Trojan.Vundo.H) -> No action taken.
        HKEY_CLASSES_ROOT\CLSID\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outerinfo (Adware.Outerinfo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

        Valeur(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04344f (Trojan.Vundo.H) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qyswyoc (Adware.Navipromo.H) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> No action taken.

        Elément(s) de données du Registre infecté(s):
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> No action taken.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> No action taken.

        Dossier(s) infecté(s):
        C:\Program Files\Outerinfo (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> No action taken.

        Fichier(s) infecté(s):
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\WHhNqBeg.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\WHhNqBeg.ini2 (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\efcCsrqo.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\oqrsCcfe.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\oqrsCcfe.ini2 (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\ccirioqf.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\juamgble.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\elbgmauj.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\lecbghyg.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\gyhgbcel.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\pdpwdehv.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\vhedwpdp.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\xkfyryhk.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\khyryfkx.ini (Trojan.Vundo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_navps.dat (Adware.Navipromo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_nav.dat (Adware.Navipromo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.dat (Adware.Navipromo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.exe (Adware.Navipromo.H) -> No action taken.
        C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> No action taken.
        C:\WINDOWS\system32\ljJBsSLD.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\ljJDVmnm.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\ssqPGWQg.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\geBsrRkj.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\nnnopoPh.dll (Trojan.Vundo.H) -> No action taken.
        C:\Documents and Settings\yos hurtado\Local Settings\Temporary Internet Files\Content.IE5\YPYFGNWV\upd105320[1] (Trojan.Vundo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Temporary Internet Files\Content.IE5\0X2FGHMN\upd105320[1] (Trojan.Vundo.H) -> No action taken.
        C:\Program Files\Outerinfo\OiUninstaller.exe (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\outerinfo.ico (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> No action taken.
        C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
        C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.
        C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> No action taken.
        C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> No action taken.
        C:\WINDOWS\system32\jkkHWMdd.dll (Trojan.Vundo) -> No action taken.
        C:\WINDOWS\system32\ddcYSLee.dll (Trojan.Vundo) -> No action taken.
        0
      2. coucky > jorginho67 Messages postés 15447 Statut Contributeur sécurité
         
        Voila en fait sa fait +de 4 heures que j'essaie de resoudre ce probleme, je t'envoie mon rapport de malwarebytes mais heureusement que l'ordi marchouille car la je cale, merci quand même, mais c'est pas l'analyse complète, là je n'ai plus le temps de tout refaire.
        Nathalie
        Malwarebytes' Anti-Malware 1.28
        Version de la base de données: 1169
        Windows 5.1.2600 Service Pack 2

        31/10/2008 11:41:06
        mbam-log-2008-10-31 (11-41-06).txt

        Type de recherche: Examen rapide
        Eléments examinés: 73905
        Temps écoulé: 29 minute(s), 58 second(s)

        Processus mémoire infecté(s): 1
        Module(s) mémoire infecté(s): 3
        Clé(s) du Registre infectée(s): 9
        Valeur(s) du Registre infectée(s): 4
        Elément(s) de données du Registre infecté(s): 2
        Dossier(s) infecté(s): 3
        Fichier(s) infecté(s): 42

        Processus mémoire infecté(s):
        C:\documents and settings\Nathalie\local settings\application data\qyswyoc.exe (Adware.Navipromo.H) -> Unloaded process successfully.

        Module(s) mémoire infecté(s):
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> Delete on reboot.

        Clé(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfdusme (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

        Valeur(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04344f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qyswyoc (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> Delete on reboot.

        Elément(s) de données du Registre infecté(s):
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> Delete on reboot.

        Dossier(s) infecté(s):
        C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.

        Fichier(s) infecté(s):
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\WHhNqBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\WHhNqBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\efcCsrqo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\oqrsCcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\oqrsCcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\ccirioqf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\juamgble.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\elbgmauj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\lecbghyg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\gyhgbcel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\pdpwdehv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\vhedwpdp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\xkfyryhk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\khyryfkx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
        C:\WINDOWS\system32\ljJBsSLD.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ljJDVmnm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ssqPGWQg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\geBsrRkj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\nnnopoPh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\yos hurtado\Local Settings\Temporary Internet Files\Content.IE5\YPYFGNWV\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Temporary Internet Files\Content.IE5\0X2FGHMN\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\OiUninstaller.exe (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\outerinfo.ico (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\jkkHWMdd.dll (Trojan.Vundo) -> Delete on reboot.
        C:\WINDOWS\system32\ddcYSLee.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

        bloc notes

        Malwarebytes' Anti-Malware 1.28
        Version de la base de données: 1169
        Windows 5.1.2600 Service Pack 2

        31/10/2008 11:40:41
        mbam-log-2008-10-31 (11-40-29).txt

        Type de recherche: Examen rapide
        Eléments examinés: 73905
        Temps écoulé: 29 minute(s), 58 second(s)

        Processus mémoire infecté(s): 1
        Module(s) mémoire infecté(s): 3
        Clé(s) du Registre infectée(s): 9
        Valeur(s) du Registre infectée(s): 4
        Elément(s) de données du Registre infecté(s): 2
        Dossier(s) infecté(s): 3
        Fichier(s) infecté(s): 42

        Processus mémoire infecté(s):
        C:\documents and settings\Nathalie\local settings\application data\qyswyoc.exe (Adware.Navipromo.H) -> No action taken.

        Module(s) mémoire infecté(s):
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> No action taken.

        Clé(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> No action taken.
        HKEY_CLASSES_ROOT\CLSID\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfdusme (Trojan.Vundo.H) -> No action taken.
        HKEY_CLASSES_ROOT\CLSID\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outerinfo (Adware.Outerinfo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

        Valeur(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04344f (Trojan.Vundo.H) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qyswyoc (Adware.Navipromo.H) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> No action taken.

        Elément(s) de données du Registre infecté(s):
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> No action taken.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> No action taken.

        Dossier(s) infecté(s):
        C:\Program Files\Outerinfo (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> No action taken.

        Fichier(s) infecté(s):
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\WHhNqBeg.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\WHhNqBeg.ini2 (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\efcCsrqo.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\oqrsCcfe.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\oqrsCcfe.ini2 (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\ccirioqf.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\juamgble.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\elbgmauj.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\lecbghyg.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\gyhgbcel.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\pdpwdehv.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\vhedwpdp.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\xkfyryhk.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\khyryfkx.ini (Trojan.Vundo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_navps.dat (Adware.Navipromo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_nav.dat (Adware.Navipromo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.dat (Adware.Navipromo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.exe (Adware.Navipromo.H) -> No action taken.
        C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> No action taken.
        C:\WINDOWS\system32\ljJBsSLD.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\ljJDVmnm.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\ssqPGWQg.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\geBsrRkj.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\nnnopoPh.dll (Trojan.Vundo.H) -> No action taken.
        C:\Documents and Settings\yos hurtado\Local Settings\Temporary Internet Files\Content.IE5\YPYFGNWV\upd105320[1] (Trojan.Vundo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Temporary Internet Files\Content.IE5\0X2FGHMN\upd105320[1] (Trojan.Vundo.H) -> No action taken.
        C:\Program Files\Outerinfo\OiUninstaller.exe (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\outerinfo.ico (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> No action taken.
        C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
        C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.
        C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> No action taken.
        C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> No action taken.
        C:\WINDOWS\system32\jkkHWMdd.dll (Trojan.Vundo) -> No action taken.
        C:\WINDOWS\system32\ddcYSLee.dll (Trojan.Vundo) -> No action taken.
        0
      3. coucky > jorginho67 Messages postés 15447 Statut Contributeur sécurité
         
        Voila en fait sa fait +de 4 heures que j'essaie de resoudre ce probleme, je t'envoie mon rapport de malwarebytes mais heureusement que l'ordi marchouille car la je cale, merci quand même, mais c'est pas l'analyse complète, là je n'ai plus le temps de tout refaire.
        Nathalie
        Malwarebytes' Anti-Malware 1.28
        Version de la base de données: 1169
        Windows 5.1.2600 Service Pack 2

        31/10/2008 11:41:06
        mbam-log-2008-10-31 (11-41-06).txt

        Type de recherche: Examen rapide
        Eléments examinés: 73905
        Temps écoulé: 29 minute(s), 58 second(s)

        Processus mémoire infecté(s): 1
        Module(s) mémoire infecté(s): 3
        Clé(s) du Registre infectée(s): 9
        Valeur(s) du Registre infectée(s): 4
        Elément(s) de données du Registre infecté(s): 2
        Dossier(s) infecté(s): 3
        Fichier(s) infecté(s): 42

        Processus mémoire infecté(s):
        C:\documents and settings\Nathalie\local settings\application data\qyswyoc.exe (Adware.Navipromo.H) -> Unloaded process successfully.

        Module(s) mémoire infecté(s):
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> Delete on reboot.

        Clé(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfdusme (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_CLASSES_ROOT\CLSID\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> Delete on reboot.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

        Valeur(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04344f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qyswyoc (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> Delete on reboot.

        Elément(s) de données du Registre infecté(s):
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> Delete on reboot.

        Dossier(s) infecté(s):
        C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.

        Fichier(s) infecté(s):
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\WHhNqBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\WHhNqBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\efcCsrqo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\oqrsCcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\oqrsCcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> Delete on reboot.
        C:\WINDOWS\system32\ccirioqf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\juamgble.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\elbgmauj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\lecbghyg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\gyhgbcel.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\pdpwdehv.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\vhedwpdp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\xkfyryhk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\khyryfkx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Delete on reboot.
        C:\WINDOWS\system32\ljJBsSLD.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ljJDVmnm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\ssqPGWQg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\geBsrRkj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\nnnopoPh.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\yos hurtado\Local Settings\Temporary Internet Files\Content.IE5\YPYFGNWV\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Nathalie\Local Settings\Temporary Internet Files\Content.IE5\0X2FGHMN\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\OiUninstaller.exe (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\outerinfo.ico (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\jkkHWMdd.dll (Trojan.Vundo) -> Delete on reboot.
        C:\WINDOWS\system32\ddcYSLee.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

        bloc notes

        Malwarebytes' Anti-Malware 1.28
        Version de la base de données: 1169
        Windows 5.1.2600 Service Pack 2

        31/10/2008 11:40:41
        mbam-log-2008-10-31 (11-40-29).txt

        Type de recherche: Examen rapide
        Eléments examinés: 73905
        Temps écoulé: 29 minute(s), 58 second(s)

        Processus mémoire infecté(s): 1
        Module(s) mémoire infecté(s): 3
        Clé(s) du Registre infectée(s): 9
        Valeur(s) du Registre infectée(s): 4
        Elément(s) de données du Registre infecté(s): 2
        Dossier(s) infecté(s): 3
        Fichier(s) infecté(s): 42

        Processus mémoire infecté(s):
        C:\documents and settings\Nathalie\local settings\application data\qyswyoc.exe (Adware.Navipromo.H) -> No action taken.

        Module(s) mémoire infecté(s):
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> No action taken.

        Clé(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> No action taken.
        HKEY_CLASSES_ROOT\CLSID\{00f0481f-9a40-4651-8ba7-5ab8510fcc9a} (Trojan.Vundo.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfdusme (Trojan.Vundo.H) -> No action taken.
        HKEY_CLASSES_ROOT\CLSID\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outerinfo (Adware.Outerinfo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

        Valeur(s) du Registre infectée(s):
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5c04344f (Trojan.Vundo.H) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qyswyoc (Adware.Navipromo.H) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{62d1390b-75e8-445c-a99d-3340e08fd4c5} (Trojan.Vundo.H) -> No action taken.

        Elément(s) de données du Registre infecté(s):
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> No action taken.
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\gebqnhhw -> No action taken.

        Dossier(s) infecté(s):
        C:\Program Files\Outerinfo (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> No action taken.

        Fichier(s) infecté(s):
        C:\WINDOWS\system32\geBqNhHW.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\WHhNqBeg.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\WHhNqBeg.ini2 (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\khfDuSMe.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\efcCsrqo.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\oqrsCcfe.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\oqrsCcfe.ini2 (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\fqoiricc.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\ccirioqf.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\juamgble.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\elbgmauj.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\lecbghyg.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\gyhgbcel.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\pdpwdehv.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\vhedwpdp.ini (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\xkfyryhk.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\khyryfkx.ini (Trojan.Vundo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_navps.dat (Adware.Navipromo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc_nav.dat (Adware.Navipromo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.dat (Adware.Navipromo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Application Data\qyswyoc.exe (Adware.Navipromo.H) -> No action taken.
        C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> No action taken.
        C:\WINDOWS\system32\ljJBsSLD.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\ljJDVmnm.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\ssqPGWQg.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\geBsrRkj.dll (Trojan.Vundo.H) -> No action taken.
        C:\WINDOWS\system32\nnnopoPh.dll (Trojan.Vundo.H) -> No action taken.
        C:\Documents and Settings\yos hurtado\Local Settings\Temporary Internet Files\Content.IE5\YPYFGNWV\upd105320[1] (Trojan.Vundo.H) -> No action taken.
        C:\Documents and Settings\Nathalie\Local Settings\Temporary Internet Files\Content.IE5\0X2FGHMN\upd105320[1] (Trojan.Vundo.H) -> No action taken.
        C:\Program Files\Outerinfo\OiUninstaller.exe (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\outerinfo.ico (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> No action taken.
        C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> No action taken.
        C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
        C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.
        C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> No action taken.
        C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> No action taken.
        C:\WINDOWS\system32\jkkHWMdd.dll (Trojan.Vundo) -> No action taken.
        C:\WINDOWS\system32\ddcYSLee.dll (Trojan.Vundo) -> No action taken.
        0
  9. florian
     
    bonsoir nathalie (je l'ai vu dans hijackthis en l'analysant c'est ecrit c:/document......./Nathalie/bureau...
    tu as trois virus:
    supprime les fichiers: brastk.exe
    onestep.exe
    le troisieme pas trouver de solution
    donc suprime ces deux fichier et refais une analyse avec ton en antivirus en mode sans echec(f8 au demarrage du pc)

    a tu ce message:"Erreur d'application, l'application a généré des erreurs et sera fermé par Windows"
    0
    1. coucky
       
      jai reussi a supprimer brastk exe mais pas brastk et j'ai reussi a supprimer onestep exe mais pas onestep (protégé etc... bon je vais redemarrer en mode sans echec mais sa risque de durer car l'ordi ne veut plus s'eteindre seul @+
      0
    2. coucky
       
      alors j'ai tout fais et déja sur mon ordi c'est f10 pour mode sans echec ,j'ai fait un spybot et rien de special a part mailskinner mais bon en fait sa fait 4 heures que je suis sur le site et j'ai tjs le meme pb heureusement que sa marche qd meme c'est surtout cette fenetre qui s'ouvre contament et j'ai que mon garçon de 10 ans clique dessus, voila. Je n'ai pas eu de message erreur d'application
      0
  10. coucky
     
    Bonjour, donc j'y suis depuis hier alors le viens de vider la quarantaine et voici le rapport smifraudFix (je ne sais pas ce que c'est untuto

    Rapport fait à 13:03:17,95, 02/11/2008
    Executé à partir de C:\Documents and Settings\Nathalie\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\Program Files\OneStep\onestep.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\OneStep\onestep.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\EoRezo\EoEngine.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Orange HSS\Systray\SystrayApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\brastk.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\documents and settings\nathalie\local settings\application data\aoycu.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Orange HSS\Launcher\Launcher.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Orange HSS\Deskboard\deskboard.exe
    C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Orange HSS\browser\browser.exe
    C:\Documents and Settings\Nathalie\Bureau\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Fichier hosts corrompu !

    127.0.0.1 legal-at-spybot.info
    127.0.0.1 www.legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\karna.dat PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\karna.dat PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nathalie

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Nathalie\LOCALS~1\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nathalie\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Nathalie\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\system32\\karna.dat"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{99EF983E-10C5-4E95-BD1F-C10F40F64943}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{99EF983E-10C5-4E95-BD1F-C10F40F64943}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{99EF983E-10C5-4E95-BD1F-C10F40F64943}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  11. Utilisateur anonyme
     
    Re,

    Ce doit être le forum qui bugg ou je sais pas?

    Sinon,

    Refait moi un hijackthis.STP.

    merci.
    0
    1. coucky
       
      j'essaie d'envoyer la d127.0.0.1 utils.errorsafe.com ## added by CiD
      127.0.0.1 utils.winantivirus.com ## added by CiD
      127.0.0.1 utils.winfixer.com ## added by CiD
      127.0.0.1 winantispyware.com ## added by CiD
      127.0.0.1 winantivirus.com ## added by CiD
      127.0.0.1 winfixer.com ## added by CiD
      127.0.0.1 winfixer2006.com ## added by CiD
      127.0.0.1 winsoftware.com ## added by CiD
      127.0.0.1 www.drivecleaner.com ## added by CiD
      127.0.0.1 www.errorprotector.com ## added by CiD
      127.0.0.1 www.errorsafe.com ## added by CiD
      127.0.0.1 www.systemdoctor.com ## added by CiD
      127.0.0.1 www.utils.winfixer.com ## added by CiD
      127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
      127.0.0.1 www.win-virus-pro.com ## added by CiD
      127.0.0.1 www.winantispam.com ## added by CiD
      127.0.0.1 www.winantispy.com ## added by CiD
      127.0.0.1 www.winantispyware.com ## added by CiD
      127.0.0.1 www.winantivirus.com ## added by CiD
      127.0.0.1 www.winantiviruspro.com ## added by CiD
      127.0.0.1 www.windrivecleaner.com ## added by CiD
      127.0.0.1 www.windrivesafe.com ## added by CiD
      127.0.0.1 www.winfixer.com ## added by CiD
      127.0.0.1 www.winfixer2006.com ## added by CiD
      127.0.0.1 www.winsoftware.com ## added by CiD

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

      Problème suppression C:\WINDOWS\system32\Delete_Me_Dummy_karna.dat

      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

      AntiXPVSTFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» RK


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.1.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{99EF983E-10C5-4E95-BD1F-C10F40F64943}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS2\Services\Tcpip\..\{99EF983E-10C5-4E95-BD1F-C10F40F64943}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{99EF983E-10C5-4E95-BD1F-C10F40F64943}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Reboot

      C:\WINDOWS\system32\Delete_Me_Dummy_karna.dat supprimé


      »»»»»»»»»»»»»»»»»»»»»»»» Fin

      erniere partie de mon rapport et je fais hijackthis
      0
  12. coucky
     
    voici mon hijackthis je comLogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:32:48, on 02/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\Program Files\OneStep\onestep.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Orange HSS\Systray\SystrayApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\brastk.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\documents and settings\nathalie\local settings\application data\aoycu.exe
    C:\Program Files\Orange HSS\Launcher\Launcher.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\OneStep\onestep.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Orange HSS\Deskboard\deskboard.exe
    C:\Program Files\Orange HSS\browser\browser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\07CAA918.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
    O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\THUNK ABOUT.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [messengerskinner] C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [keuik] "c:\documents and settings\nathalie\local settings\application data\keuik.exe" keuik
    O4 - HKCU\..\Run: [ckggiim] "c:\documents and settings\nathalie\local settings\application data\ckggiim.exe" ckggiim
    O4 - HKCU\..\Run: [aoycu] "c:\documents and settings\nathalie\local settings\application data\aoycu.exe" aoycu
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\yos hurtado\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://www.orange.fr/portail
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O21 - SSODL: pkMXrrFog - {5C0434E1-F6AE-9E4B-A8B3-229277981D42} - C:\WINDOWS\system32\mmuod.dll
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Program Files\OneStep\onestep.exe
    0
  13. Utilisateur anonyme
     
    Re,

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.

    • Puis, ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur une touche pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau rapport Hijackthis !
    0
    1. coucky
       
      j ai bien suivi mais je ne vois aucun runthis.bat, quand j'ouvre SDFix , il y a extraire et on me dit de faire ce que tu m'as dis en mode sans echec mais quand j'ouvre sdfix dans c il y a un runthis (sans bat) et apparement il na pas été crée aujourd'hui et si je clique dessus on me dis que je n'ai pas l'autorisation. Je dois commencer a t'ennuyer mais la, je desespere
      0
  14. Utilisateur anonyme
     
    Re,

    Essai avec celui là:RunThis

    @+
    0
  15. coucky
     
    je n'y suis vraiment pas arrivé et l'ordi bug je n'arrivais plus a ouvrir le site, cela fera 48 h et tjs rien par contre qd j'ouvre SDFix, run this me répond que NTVDM a rencontré une instruction non autorisée, sinon sur c, il y avait çeci
    [b]System Report[/b]
    *************

    Run on 02/11/2008 at 18:17

    Microsoft Windows XP [version 5.1.2600]

    Current user is an administrator

    [b]Running Processes[/b]:

    \SystemRoot\System32\smss.exe [128]
    \??\C:\WINDOWS\system32\csrss.exe [176]
    \??\C:\WINDOWS\system32\winlogon.exe [200]
    C:\WINDOWS\system32\services.exe [248]
    C:\WINDOWS\system32\lsass.exe [260]
    C:\WINDOWS\system32\svchost.exe [436]
    C:\WINDOWS\system32\svchost.exe [516]
    C:\WINDOWS\system32\svchost.exe [564]
    C:\WINDOWS\Explorer.EXE [804]
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe [1060]
    C:\WINDOWS\system32\NOTEPAD.EXE [180]

    [b]Drivers - Running[/b]:

    ACPI
    atapi
    Cdfs
    Cdrom
    Disk
    FltMgr
    Ftdisk
    GEARAspiWDM
    i8042prt
    Imapi
    isapnp
    Kbdclass
    KSecDD
    Mouclass
    MountMgr
    Msfs
    mssmbios
    Mup
    NDIS
    Npfs
    Ntfs
    Null
    ohci1394
    PartMgr
    PCI
    PCIIde
    redbook
    sr
    swenum
    TermDD
    Update
    usbccgp
    usbehci
    usbhub
    usbohci
    usbstor
    VgaSave
    VolSnap

    [b]Drivers - Stopped[/b]:

    Abiosdsk
    abp480n5
    ACPIEC
    adpu160m
    aec
    AFD
    Aha154x
    aic78u2
    aic78xx
    AliIde
    amsint
    Arp1394
    asc
    asc3350p
    asc3550
    ASPI32
    AsyncMac
    Atdisk
    atksgt
    Atmarpc
    audstub
    Beep
    cbidf2k
    CCDECODE
    cd20xrnt
    Cdaudio
    Changer
    CmdIde
    Cpqarray
    ctljystk
    dac960nt
    dmboot
    dmio
    dmload
    DMusic
    dpti2o
    drmkaud
    emu10k
    emu10k1
    Fastfat
    Fdc
    Fips
    Flpydisk
    gameenum
    Gpc
    hpn
    HTTP
    i2omgmt
    i2omp
    ini910u
    IntelIde
    Ip6Fw
    IpFilterDriver
    IpInIp
    IpNat
    IPSec
    IRENUM
    khtml
    kmixer
    lbrtfdc
    lirsgt
    mnmdd
    Modem
    mraid35x
    MRxDAV
    MRxSmb
    MSKSSRV
    MSPCLOCK
    MSPQM
    MSTEE
    NABTSFEC
    NdisIP
    NdisTapi
    Ndisuio
    NdisWan
    NDProxy
    NetBIOS
    NetBT
    NIC1394
    NwlnkFlt
    NwlnkFwd
    Parport
    ParVdm
    PCAMPR5
    PCANDIS5
    PCIDump
    Pcmcia
    PDCOMP
    PDFRAME
    PDRELI
    PDRFRAME
    perc2
    perc2hib
    PfModNT
    PptpMiniport
    Processor
    PSched
    Ptilink
    ql1080
    Ql10wnt
    ql12160
    ql1240
    ql1280
    RasAcd
    Rasl2tp
    RasPppoe
    Raspti
    Rdbss
    RDPCDD
    RDPWD
    rtl8139
    Secdrv
    Serial
    Sfloppy
    sfman
    Simbad
    SLIP
    SONYPVU1
    Sparrow
    splitter
    Srv
    streamip
    swmidi
    symc810
    symc8xx
    sym_hi
    sym_u3
    sysaudio
    Tcpip
    TDPIPE
    TDTCP
    TosIde
    Udfs
    ultra
    USBAAPL
    usbaudio
    usbprint
    ViaIde
    VX1000
    Wanarp
    WDICA
    wdmaud
    WSTCODEC

    [b]Services - Running[/b]:

    CryptSvc
    DcomLaunch
    Eventlog
    helpsvc
    PlugPlay
    RpcSs
    srservice
    winmgmt

    [b]Services - Stopped[/b]:

    Alerter
    ALG
    AppMgmt
    aspnet_state
    AudioSrv
    BITS
    Bonjour
    Boonty
    Browser
    CiSvc
    ClipSrv
    clr_optimization_v2.0.50727_32
    COMSysApp
    Creative
    Dhcp
    dmadmin
    dmserver
    Dnscache
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    FTRTSVC
    Generic
    gusvc
    HidServ
    HTTPFilter
    IDriverT
    ImapiService
    InstallShield
    iPod
    lanmanserver
    lanmanworkstation
    LmHosts
    Messenger
    mnmsrvc
    MSDTC
    MSIServer
    MSSQL$SONY_MEDIAMGR
    MSSQLServerADHelper
    NetDDE
    NetDDEdsdm
    Netlogon
    Netman
    Nla
    NtLmSsp
    NtmsSvc
    OneStepSearch
    ose
    PolicyAgent
    ProtectedStorage
    RasAuto
    RasMan
    RDSessMgr
    RemoteAccess
    RpcLocator
    RSVP
    SamSs
    SCardSvr
    Schedule
    seclogon
    SENS
    SharedAccess
    ShellHWDetection
    Spooler
    SQLAgent$SONY_MEDIAMGR
    SSDPSRV
    stisvc
    SwPrv
    SysmonLog
    TapiSrv
    TermService
    Themes
    TrkWks
    upnphost
    UPS
    usnjsvc
    VSS
    W32Time
    WebClient
    WLSetupSvc
    WMDM
    WmdmPmSN
    WmiApSrv
    wscsvc
    wuauserv
    WZCSVC
    xmlprov

    [b]Files Created/Modified - 60 Days[/b]:

    C:\

    C:\WINDOWS\

    C:\Program Files\

    [b]Files with hidden attributes[/b]:

    [b]Program Folders[/b]:

    C:\Program Files\

    1stbenison
    absolutist.com
    Absolutist_Games
    ADMIN AMEN FILE
    Adobe
    Ahead
    Alwil Software
    aMSN
    Anno 1701
    Apple Software Update
    AskSBar
    Azureus
    a?sembly
    A?pPatch
    BlueSquad
    Bonjour
    Boonty
    BoontyGames
    Circle Developement
    ComPlus Applications
    Creative
    DDD Pool
    DivX
    Dofus
    Dofus-Arena beta 2
    eMule
    EoRezo
    Fichiers communs
    FlashGet
    Free Offers from Freeze.com
    Freeze.com
    FrostWire
    F?nts
    GameHouse
    Gamenext
    GamesBar
    Google
    Guitar Pro 5
    iMesh Applications
    IMVU
    Instafinder
    InstallShield Installation Information
    Internet Explorer
    iPod
    ItsLabel
    iTunes
    Java
    jibberish deluxe beta
    Kazaa
    L'EntraŒneur 2006
    LimeWire
    LitexMedia
    Live Billiards
    Malwarebytes' Anti-Malware
    Messenger
    Messenger Plus! Live
    microsoft frontpage
    Microsoft Games
    Microsoft Office
    Microsoft SQL Server
    Microsoft SQL Server Compact Edition
    Microsoft.NET
    Movie Maker
    Mozilla Firefox
    MSN
    MSN Gaming Zone
    MSN Messenger
    M?crosoft
    M?crosoft.NET
    Need2Find
    NetMeeting
    Norton Security Scan
    OneStep
    Online Services
    OpenOffice.org 2.4
    Orange HSS
    Outlook Express
    QuickTime
    Raveille
    ReflexiveArcade
    Safari
    SAGEM
    SecondLife
    Securitoo
    Services en ligne
    Shareaza
    skiStunt
    Smart Projects
    Sony
    Sony Setup
    Spybot - Search & Destroy
    s?mbols
    s?stem
    s?stem32
    T‚l‚chargeur de FlatOut
    T‚l‚chargeur de Yetisports World Tour
    Trend Micro
    Uninstall Information
    VideoLAN
    VirtualDJ
    Vstplugins
    Windows Live
    Windows Live Safety Center
    Windows Media Player
    Windows NT
    WindowsUpdate
    Winferno
    WinZip
    WinZip22
    W?nSxS
    xerox
    Yahoo!
    YesMessenger
    ?dobe
    ??pPatch
    ?icrosoft
    ?icrosoft.NET
    ??crosoft
    ??sks
    ?dobe
    ?ssembly
    ??sembly
    ?ecurity
    ?ymbols
    ??curity
    ??mantec
    ??stem
    ??stem32
    ?icrosoft
    ?icrosoft.NET
    ??crosoft
    ?racle
    ?asks

    C:\Program Files\Fichiers communs\

    Adobe
    BOONTY Shared
    Designer
    France Telecom
    GTK
    i4j_jres
    InstallShield
    InstallShield Shared
    Java
    Microsoft Shared
    MSSoap
    Oberon Media
    ODBC
    Services
    SpeechEngines
    Symantec Shared
    System
    WindowsLiveInstaller

    [b]Add/Remove Programs[/b]:
    0
    1. coucky
       
      tu vois le hijackThis, le l'ai fait en 1 minute, par contre je n'arrive pas a te repondre sur le forum, et tout ce que je fais entre 2 ça marche parfaitement sauf cette fenetre xpantispyware 2009 qui s'ouvre toutes les 5 secondes, la j'arrive à écrire car j'étais obligé de faire répondre à coucky par contre goldorak ça marche pas, bon voila !
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:33:33, on 02/11/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
      C:\Program Files\OneStep\onestep.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Creative\ShareDLL\CtNotify.exe
      C:\WINDOWS\vVX1000.exe
      C:\Program Files\Orange HSS\Systray\SystrayApp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\OneStep\onestep.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\WINDOWS\brastk.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\documents and settings\nathalie\local settings\application data\aoycu.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Creative\ShareDLL\MediaDet.Exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Orange HSS\Launcher\Launcher.exe
      C:\WINDOWS\system32\devldr32.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
      C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
      C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Orange HSS\Deskboard\deskboard.exe
      C:\Program Files\Orange HSS\browser\browser.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
      R3 - URLSearchHook: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
      O3 - Toolbar: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
      O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\07CAA918.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
      O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
      O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
      O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
      O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\THUNK ABOUT.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [brastk] brastk.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [messengerskinner] C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [keuik] "c:\documents and settings\nathalie\local settings\application data\keuik.exe" keuik
      O4 - HKCU\..\Run: [ckggiim] "c:\documents and settings\nathalie\local settings\application data\ckggiim.exe" ckggiim
      O4 - HKCU\..\Run: [aoycu] "c:\documents and settings\nathalie\local settings\application data\aoycu.exe" aoycu
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\yos hurtado\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: https://www.orange.fr/portail
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O21 - SSODL: pkMXrrFog - {5C0434E1-F6AE-9E4B-A8B3-229277981D42} - C:\WINDOWS\system32\mmuod.dll
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Program Files\OneStep\onestep.exe
      0
    2. coucky
       
      tu vois le hijackThis, le l'ai fait en 1 minute, par contre je n'arrive pas a te repondre sur le forum, et tout ce que je fais entre 2 ça marche parfaitement sauf cette fenetre xpantispyware 2009 qui s'ouvre toutes les 5 secondes, la j'arrive à écrire car j'étais obligé de faire répondre à coucky par contre goldorak ça marche pas, bon voila !
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:33:33, on 02/11/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
      C:\Program Files\OneStep\onestep.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\MsPMSPSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Creative\ShareDLL\CtNotify.exe
      C:\WINDOWS\vVX1000.exe
      C:\Program Files\Orange HSS\Systray\SystrayApp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\OneStep\onestep.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\WINDOWS\brastk.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\documents and settings\nathalie\local settings\application data\aoycu.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Creative\ShareDLL\MediaDet.Exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Orange HSS\Launcher\Launcher.exe
      C:\WINDOWS\system32\devldr32.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
      C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
      C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Orange HSS\Deskboard\deskboard.exe
      C:\Program Files\Orange HSS\browser\browser.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
      R3 - URLSearchHook: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
      O3 - Toolbar: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
      O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
      O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\07CAA918.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
      O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
      O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
      O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
      O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
      O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\THUNK ABOUT.exe
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [brastk] brastk.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [messengerskinner] C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [keuik] "c:\documents and settings\nathalie\local settings\application data\keuik.exe" keuik
      O4 - HKCU\..\Run: [ckggiim] "c:\documents and settings\nathalie\local settings\application data\ckggiim.exe" ckggiim
      O4 - HKCU\..\Run: [aoycu] "c:\documents and settings\nathalie\local settings\application data\aoycu.exe" aoycu
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\yos hurtado\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: https://www.orange.fr/portail
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O21 - SSODL: pkMXrrFog - {5C0434E1-F6AE-9E4B-A8B3-229277981D42} - C:\WINDOWS\system32\mmuod.dll
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Program Files\OneStep\onestep.exe
      0
  16. Utilisateur anonyme
     
    Re,

    Refait moi un hijackthis.

    merci
    0
  17. coucky
     
    voila
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:33:33, on 02/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\Program Files\OneStep\onestep.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Orange HSS\Systray\SystrayApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\OneStep\onestep.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\brastk.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\documents and settings\nathalie\local settings\application data\aoycu.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Orange HSS\Launcher\Launcher.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Orange HSS\Deskboard\deskboard.exe
    C:\Program Files\Orange HSS\browser\browser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\07CAA918.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
    O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\THUNK ABOUT.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [messengerskinner] C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [keuik] "c:\documents and settings\nathalie\local settings\application data\keuik.exe" keuik
    O4 - HKCU\..\Run: [ckggiim] "c:\documents and settings\nathalie\local settings\application data\ckggiim.exe" ckggiim
    O4 - HKCU\..\Run: [aoycu] "c:\documents and settings\nathalie\local settings\application data\aoycu.exe" aoycu
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\yos hurtado\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://www.orange.fr/portail
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O21 - SSODL: pkMXrrFog - {5C0434E1-F6AE-9E4B-A8B3-229277981D42} - C:\WINDOWS\system32\mmuod.dll
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Program Files\OneStep\onestep.exe
    0
  18. coucky
     
    voila
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:33:33, on 02/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\Program Files\OneStep\onestep.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Orange HSS\Systray\SystrayApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\OneStep\onestep.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\brastk.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\documents and settings\nathalie\local settings\application data\aoycu.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Orange HSS\Launcher\Launcher.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Orange HSS\Deskboard\deskboard.exe
    C:\Program Files\Orange HSS\browser\browser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    R3 - URLSearchHook: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O3 - Toolbar: (no name) - {631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [2gb4i3hn] C:\WINDOWS\TEMP\07CAA918.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
    O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
    O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Flag Owns Live Grim] C:\Documents and Settings\All Users\Application Data\Software rule flag owns\THUNK ABOUT.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [messengerskinner] C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinner.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [keuik] "c:\documents and settings\nathalie\local settings\application data\keuik.exe" keuik
    O4 - HKCU\..\Run: [ckggiim] "c:\documents and settings\nathalie\local settings\application data\ckggiim.exe" ckggiim
    O4 - HKCU\..\Run: [aoycu] "c:\documents and settings\nathalie\local settings\application data\aoycu.exe" aoycu
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\yos hurtado\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://www.orange.fr/portail
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O21 - SSODL: pkMXrrFog - {5C0434E1-F6AE-9E4B-A8B3-229277981D42} - C:\WINDOWS\system32\mmuod.dll
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Generic Host Process for Win-32 Service - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Program Files\OneStep\onestep.exe
    0
  19. Utilisateur anonyme
     
    Re,

    ==>Télécharge sur ton bureau MSNFix

    * Enregistrez le fichier sur votre bureau.
    * Ne pas double-cliquer sur le fichier
    * Faites un clic droit sur le fichier puis Extraire tout, le but étant de récupérer un dossier MSNFix

    * Double-cliquez sur le dossier MSNFix afin de l'ouvrir
    * Vous trouverez dedans un nouveau dossier ainsi qu'un fichier MSNFix.bat (le .bat peut ne pas apparaître chez vous).
    * Double-cliquez sur MSNFix.bat

    Tutorial MSNFix
    0
  20. coucky
     
    j'ai encore rien, j'ai telechargé et quand je clique sur MSNFix.bat, il y a un écran ou il y a ecrit
    scan......
    ....check sevice
    -
    et sinon avant on me demande de choisir une action, rechercher, quitter ou langage dc j'ai fait rechercher mais rien ne se passe .Je ne suis peut etre pas douée mais depuis hier , je resume navilog, smitfraudFix, SDFix et MSNFix. Ai je encore un espoir, alors que je vois sur le site que pas mal de problemes ne sont pas résolus. Ce truc est arrivé, normalement, il doit bien pouvoir être supprimer. Bon ben j'espere que tu trouveras la soluce qui correspond à mon ordi
    merci
    0
  21. Utilisateur anonyme
     
    Re,

    Pour msnfix tu ne choisit que l'option recherche ensuite il te proposeras le cas écheant le nettoyage.

    0
  • 1
  • 2
  • 3
  • 4