Red circle with a cross in it

coucky -  
 Anonymous user -
Hello,

For 3 days now, a red circle with a white cross in it has shown up in the bar at the bottom (sorry, I don't know anything about this, mum and kids are on holiday), along with a window that keeps opening telling me the computer is infected and that installing anti spyware tool etc. is recommended... and if it starts, it is XP antispireware2009 install that launches. Do I install it or not?

67 replies

Anonymous user
 
Re,

YOU ARE NOT REGISTERED ON CCM.

So register on CCM by clicking on "connexion" (log in) at the top right.

See you
0
coucky Posts 19 Status Member
 
Sorry, I hadn't seen that I had an inbox. (As gifted as ever. On the other hand, since earlier not a single window has opened, perfect.) Here is the latest HijackThis:
0
Anonymous user
 
Re,

ComboFix. Careful, this software is very powerful; misuse can cause damage...

Do exactly the following:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click on this link and choose "Save target as...": in the window that opens, type C-Fix, choose the Desktop as the destination and confirm:

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure (if you have any and I didn't see them in the HijackThis report...)

---> Above all, if you run into difficulties at this point, tell me before continuing...

Tutorial here: TUTO
---------------------------------------------------------------------------------------------------------------------------------

Then:

Double-click on C-Fix.exe (= combofix.exe).

Press a key to start the scan.

Warning: don't use your mouse or your keyboard while the program is running. It could freeze the computer ---> if a Windows error message appears at some point: click on the red cross at the top right of the window to close it

The report will be created in: C:\Combofix.txt, please post it here
0
coucky Posts 19 Status Member
 
Well, you scared me, especially since Combo told me at the start that the Windows Recovery Console didn't exist on this PC, that I had to reopen the internet and restart, so there, I did everything and I helped the restart along manually, then I got a yellow icon (shield-shaped) telling me that updates were ready and I restarted, so now I'm sending you the report, and now in the taskbar I have both icons, the yellow one and the red one telling me I have no firewall, antivirus...
Well, there you go (all these precautionary warnings for ComboFix are stressful)
ComboFix 08-11-02.05 - Nathalie 2008-11-03 17:10:52.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.653 [GMT 1:00]
Lancé depuis: c:\documents and settings\Nathalie\Bureau\C-Fix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\appatc~1
c:\program files\appatc~1\A?pPatch\
c:\program files\appatc~1\dvdplay.exe
c:\program files\asembl~1
c:\program files\asks~1
c:\program files\crosof~1
c:\program files\curity~1
c:\program files\dobe~1
c:\program files\dobe~2
c:\program files\ecurit~1
c:\program files\fnts~1
c:\program files\icroso~1
c:\program files\icroso~1.net
c:\program files\icroso~2
c:\program files\Instafinder
c:\program files\Instafinder\instafinder.dll
c:\program files\Instafinder\instafinder.exe
c:\program files\Instafinder\uninstall.exe
c:\program files\mantec~1
c:\program files\mcroso~1
c:\program files\mcroso~1.net
c:\program files\outerinfo
c:\program files\outerinfo\FF\chrome.manifest
c:\program files\outerinfo\FF\components\FF.dll
c:\program files\outerinfo\FF\components\OuterinfoAds.xpt
c:\program files\outerinfo\FF\install.rdf
c:\program files\outerinfo\OiUninstaller.exe
c:\program files\outerinfo\outerinfo.ico
c:\program files\outerinfo\Terms.rtf
c:\program files\ppatch~1
c:\program files\pppatc~1
c:\program files\racle~1
c:\program files\sembly~1
c:\program files\sembly~1\??sembly\
c:\program files\sembly~1\dexplore.exe
c:\program files\sks~1
c:\program files\smbols~1
c:\program files\ssembl~1
c:\program files\sstem~1
c:\program files\sstem3~1
c:\program files\stem~1
c:\program files\stem32~1
c:\program files\wnsxs~1
c:\program files\ymbols~1
c:\windows\asembl~1
c:\windows\asks~1
c:\windows\asks~2
c:\windows\brastk.exe
c:\windows\cdmxtras
c:\windows\cdmxtras\uninst.exe
c:\windows\crosof~1
c:\windows\crosof~1.net
c:\windows\curity~1
c:\windows\dobe~1
c:\windows\dobe~2
c:\windows\ecurit~1
c:\windows\fnts~1
c:\windows\icroso~1
c:\windows\icroso~1.net
c:\windows\mbols~1
c:\windows\mcroso~1
c:\windows\ppatch~1
c:\windows\ppatch~2
c:\windows\racle~1
c:\windows\racle~2
c:\windows\scurit~1
c:\windows\sembly~1
c:\windows\smbols~1
c:\windows\ssembl~1
c:\windows\sstem~1
c:\windows\stem~1
c:\windows\stem32~1
c:\windows\system32\~.exe
c:\windows\system32\accddmsf.ini
c:\windows\system32\almfoaof.dll
c:\windows\system32\asks~1
c:\windows\system32\asks~2
c:\windows\system32\asks~2\l?ass.exe
c:\windows\system32\augssudx.ini
c:\windows\system32\axnxxlew.ini
c:\windows\system32\bbtipuni.ini
c:\windows\system32\bcozmy.dll
c:\windows\system32\bseldndl.ini
c:\windows\system32\cache329
c:\windows\system32\cfhvjraa.ini
c:\windows\system32\cfqmrjnn.ini
c:\windows\system32\crosof~1
c:\windows\system32\crosof~1.net
c:\windows\system32\curity~1
c:\windows\system32\czrxsw.dll
c:\windows\system32\ddcDwxwW.dll
c:\windows\system32\dgodppng.dll
c:\windows\system32\dhcifooo.dll
c:\windows\system32\diputnbr.ini
c:\windows\system32\dobe~1
c:\windows\system32\dobe~2
c:\windows\system32\dqgzxj.dll
c:\windows\system32\dqkexusr.ini
c:\windows\system32\dxq.dll
c:\windows\system32\ebipkhem.ini
c:\windows\system32\ecurit~1
c:\windows\system32\enxevbbp.dll
c:\windows\system32\eqvudacx.ini
c:\windows\system32\ffoggpuj.ini
c:\windows\system32\fgbyjtpk.ini
c:\windows\system32\fnts~1
c:\windows\system32\fnts~2
c:\windows\system32\fuxfgwcp.exe
c:\windows\system32\fytigthn.ini
c:\windows\system32\gkedjhbr.dll
c:\windows\system32\goqdamqr.dll
c:\windows\system32\gqvxexsv.dll
c:\windows\system32\gtamfuwt.ini
c:\windows\system32\gwgnjdsx.ini
c:\windows\system32\hibojcnp.ini
c:\windows\system32\hqkkgfhi.dll
c:\windows\system32\icroso~1
c:\windows\system32\icueublj.ini
c:\windows\system32\idubuteh.ini
c:\windows\system32\ifqhriln.ini
c:\windows\system32\ihfgkkqh.ini
c:\windows\system32\ihxipbvb.ini
c:\windows\system32\issmgmbi.ini
c:\windows\system32\itxuhklg.ini
c:\windows\system32\jfdbmika.ini
c:\windows\system32\jgwaexcu.ini
c:\windows\system32\jhilpjil.ini
c:\windows\system32\jnsofq.dll
c:\windows\system32\jqnudnea.ini
c:\windows\system32\jrbdysev.ini
c:\windows\system32\jrfkhh.dll
c:\windows\system32\jscapjxg.ini
c:\windows\system32\jwmxqxnl.ini
c:\windows\system32\jynmunny.ini
c:\windows\system32\kbqduafq.ini
c:\windows\system32\kcuciysw.dll
c:\windows\system32\krzyrd.dll
c:\windows\system32\kwivbl.dll
c:\windows\system32\kxmwowvr.ini
c:\windows\system32\lbjkesaf.ini
c:\windows\system32\lhlulnbb.ini
c:\windows\system32\mbliymcd.ini
c:\windows\system32\mcroso~1
c:\windows\system32\mcroso~1.net
c:\windows\system32\melgbqck.ini
c:\windows\system32\mlJBSmJc.dll
c:\windows\system32\mrgnslkw.ini
c:\windows\system32\niazwb.dll
c:\windows\system32\nqcgfoqb.dll
c:\windows\system32\nyvulwxu.ini
c:\windows\system32\oenwiarc.exe
c:\windows\system32\oieibxuw.ini
c:\windows\system32\oiotoikl.dll
c:\windows\system32\OprAyyay.ini
c:\windows\system32\OprAyyay.ini2
c:\windows\system32\owwfeahl.ini
c:\windows\system32\P2P Networking v126.cpl
c:\windows\system32\pbbvexne.ini
c:\windows\system32\pppatc~1
c:\windows\system32\puwdhjqq.ini
c:\windows\system32\qaofpinb.ini
c:\windows\system32\qltsuecu.exe
c:\windows\system32\qmjavwry.ini
c:\windows\system32\qoiscemb.exe
c:\windows\system32\qwybhalf.ini
c:\windows\system32\racle~1
c:\windows\system32\racle~2
c:\windows\system32\rbsaslxm.ini
c:\windows\system32\riewbxxv.ini
c:\windows\system32\rojjqplc.ini
c:\windows\system32\rttucpgk.ini
c:\windows\system32\rvqljxxk.ini
c:\windows\system32\scurit~1
c:\windows\system32\sks~1
c:\windows\system32\smbols~1
c:\windows\system32\spyhsick.ini
c:\windows\system32\sstem~1
c:\windows\system32\sstem3~1
c:\windows\system32\stem32~1
c:\windows\system32\svhjdytu.ini
c:\windows\system32\thpoqbug.ini
c:\windows\system32\tiftarpi.exe
c:\windows\system32\tjolppru.ini
c:\windows\system32\tkhdcbaj.dll
c:\windows\system32\tsks~1
c:\windows\system32\ttixxkgq.ini
c:\windows\system32\tuvSkKCT.dll
c:\windows\system32\tuvTjJbY.dll
c:\windows\system32\tuvWmNHy.dll
c:\windows\system32\tycughym.ini
c:\windows\system32\tyeupl.dll
c:\windows\system32\ubuhhh.dll
c:\windows\system32\upsnlngr.ini
c:\windows\system32\vcmtctxc.ini
c:\windows\system32\vghkwatp.ini
c:\windows\system32\vskmbfot.ini
c:\windows\system32\wavilhmo.ini
c:\windows\system32\wfmjvvuk.ini
c:\windows\system32\whickyxa.ini
c:\windows\system32\wini10791.exe
c:\windows\system32\wjbapaif.ini
c:\windows\system32\wlevqpgh.exe
c:\windows\system32\wlidfrrh.ini
c:\windows\system32\wnsxs~1
c:\windows\system32\wwhhvjym.ini
c:\windows\system32\wwyiklnd.ini
c:\windows\system32\xdcppd.dll
c:\windows\system32\xlclhwgv.ini
c:\windows\system32\xpyxmvjc.ini
c:\windows\system32\xxkcwj.dll
c:\windows\system32\yayvUKeC.dll
c:\windows\system32\yayvWmkh.dll
c:\windows\system32\yayyArpO.dll
c:\windows\system32\yciodilj.ini
c:\windows\system32\yhiemscl.ini
c:\windows\system32\yHNmWvut.ini
c:\windows\system32\yHNmWvut.ini2
c:\windows\system32\ykujokeb.ini
c:\windows\system32\ymante~1
c:\windows\system32\ystem3~1
c:\windows\system32\ytsslfva.ini
c:\windows\wnsxs~1
c:\windows\ymante~1
c:\windows\ymbols~1
c:\windows\ystem~1
c:\windows\ystem3~1

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_GENERIC_HOST_PROCESS_FOR_WIN-32_SERVICE
-------\Legacy_SYSLIBRARY
-------\Legacy_SYSREST.SYS
-------\Service_Boonty Games
-------\Service_Generic Host Process for Win-32 Service

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-03 au 2008-11-03 ))))))))))))))))))))))))))))))))))))
.

2008-11-03 12:45 . 2008-11-03 13:37 <REP> d-------- C:\ToolBar SD
2008-11-03 11:19 . 2008-11-03 12:20 <REP> d-------- c:\program files\Navilog1
2008-11-02 17:02 . 2008-11-02 17:02 <REP> d-------- c:\windows\ERUNT
2008-11-02 16:44 . 2008-11-02 18:17 <REP> d-------- C:\SDFix
2008-11-02 13:03 . 2008-11-02 14:06 3,106 --a------ c:\windows\system32\tmp.reg
2008-11-02 13:03 . 2008-11-02 14:06 0 --a------ c:\windows\system32\tmp.MSNFix
2008-11-02 13:02 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-02 13:02 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-02 13:02 . 2008-09-08 22:38 88,576 --a------ c:\windows\system32\AntiXPVSTFix.exe
2008-11-02 13:02 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-02 13:02 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-02 13:02 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-02 13:02 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-02 13:02 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-02 13:02 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-02 13:02 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-02 00:14 . 2007-09-24 14:03 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-11-02 00:14 . 2007-09-24 14:03 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-11-02 00:14 . 2007-09-24 12:11 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-11-02 00:14 . 2007-09-24 14:03 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-11-02 00:14 . 2007-09-24 14:03 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-11-02 00:14 . 2007-09-24 14:03 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-11-02 00:14 . 2007-09-24 14:03 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-11-02 00:14 . 2008-11-02 00:14 <REP> d-------- c:\documents and settings\Administrateur
2008-11-01 22:00 . 2008-11-01 22:00 <REP> d-------- c:\program files\Trend Micro
2008-10-31 13:29 . 2008-10-31 13:29 <REP> d-------- c:\program files\Alwil Software
2008-10-28 14:24 . 2008-10-28 14:24 2,048 --a------ c:\windows\system32\imglpkoy.exe
2008-10-28 14:18 . 2008-10-28 14:18 128,000 --a------ c:\windows\system32\dtiljwvi.dll
2008-10-27 21:32 . 2008-10-27 21:32 128,000 --a------ c:\windows\system32\tylpagxp.dll
2008-10-27 21:29 . 2008-10-27 21:29 2,048 --a------ c:\windows\system32\lcropmci.exe
2008-10-25 13:41 . 2008-10-25 13:41 <REP> d-------- c:\program files\ADMIN AMEN FILE
2008-10-07 10:13 . 2008-10-07 10:13 <REP> d-------- c:\program files\Guitar Pro 5
2008-10-04 18:01 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-04 18:01 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-04 18:01 . 2007-07-30 18:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-04 15:49 . 2008-10-04 15:50 <REP> d-------- c:\program files\Téléchargeur de Yetisports World Tour
2008-10-04 08:46 . 2008-10-04 08:46 <REP> d-------- c:\documents and settings\mario.HURTADO-E725D7B\Application Data\Righteous Kill
2008-10-04 08:46 . 2008-10-04 08:46 <REP> d-------- c:\documents and settings\mario.HURTADO-E725D7B\Application Data\Playrix Entertainment
2008-10-04 08:42 . 2008-10-04 08:42 <REP> d-------- c:\documents and settings\mario.HURTADO-E725D7B\Application Data\Alawar
2008-10-03 18:33 . 2008-10-03 18:33 <REP> d-------- c:\documents and settings\Nathalie\Application Data\Playrix Entertainment
2008-10-03 18:22 . 2008-10-03 18:22 <REP> d-------- c:\documents and settings\All Users\Application Data\MumboJumbo
2008-10-03 18:09 . 2008-10-03 18:09 <REP> d-------- c:\documents and settings\Nathalie\Application Data\cerasus.media
2008-10-03 18:08 . 2008-10-03 18:08 <REP> dr-h----- c:\documents and settings\Nathalie\Application Data\SecuROM
2008-10-03 17:36 . 2008-10-03 17:36 <REP> d-------- c:\documents and settings\Nathalie\Application Data\Alawar

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 18:12 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-01 20:55 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-26 18:23 --------- d-----w c:\documents and settings\Nathalie\Application Data\Apple Computer
2008-10-26 18:18 --------- d-----w c:\documents and settings\Nathalie\Application Data\LimeWire
2008-10-25 12:41 --------- d-----w c:\documents and settings\All Users\Application Data\Software rule flag owns
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-11 16:00 --------- d-----w c:\documents and settings\mario.HURTADO-E725D7B\Application Data\LimeWire
2008-10-05 17:15 --------- d-----w c:\program files\BoontyGames
2008-10-04 07:48 --------- d-----w c:\program files\MSN Messenger
2008-10-01 18:17 --------- d-----w c:\program files\Java
2008-10-01 13:24 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy2
2008-09-30 12:48 --------- d-----w c:\program files\Absolutist_Games
2008-09-27 17:18 --------- d-----w c:\documents and settings\Nathalie\Application Data\Friday's games
2008-09-27 15:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-25 15:27 --------- d-----w c:\documents and settings\All Users\Application Data\Absolutist
2008-09-25 15:25 --------- d-----w c:\program files\absolutist.com
2008-09-25 08:09 --------- d-----w c:\documents and settings\Nathalie\Application Data\HP
2008-09-23 08:31 --------- d-----w c:\documents and settings\mario.HURTADO-E725D7B\Application Data\Malwarebytes
2008-09-20 10:20 --------- d-----w c:\program files\OneStep
2008-09-19 13:58 --------- d-----w c:\program files\Microsoft.NET
2008-09-18 17:22 --------- d-----w c:\documents and settings\Nathalie\Application Data\Malwarebytes
2008-09-18 17:22 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-18 11:47 60,928 ----a-w c:\windows\system32\CA.tmp
2008-09-18 08:19 --------- d-----w c:\program files\FlashGet
2008-09-17 10:17 60,928 ----a-w c:\windows\system32\B1.tmp
2008-09-16 17:52 60,928 ----a-w c:\windows\system32\A9.tmp
2008-09-13 10:11 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-09-11 16:48 60,928 ----a-w c:\windows\system32\B3.tmp
2008-09-11 03:50 60,928 ----a-w c:\windows\system32\97.tmp
2008-09-03 10:06 --------- d-----w c:\program files\Messenger Plus! Live
2008-08-27 08:32 60,928 ----a-w c:\windows\system32\3B.tmp
2008-08-17 11:50 60,928 ----a-w c:\windows\system32\29.tmp
2008-08-14 13:11 60,928 ----a-w c:\windows\system32\139.tmp
2008-08-13 10:24 52,736 ----a-w c:\windows\system32\27.tmp
2008-08-04 13:12 119,360 ----a-w c:\windows\system32\xcfmvd.dll
2008-08-04 13:12 119,360 ----a-w c:\windows\system32\cedeajec.dll
2008-03-01 19:02 10 ----a-w c:\program files\.autoreg
.

------- Sigcheck -------

md5deep: c:\windows\system32\svchost.exe: error at offset 0: Permission denied

md5deep: c:\windows\system32\winlogon.exe: error at offset 0: Permission denied

md5deep: c:\windows\explorer.exe: error at offset 0: Permission denied
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe

md5deep: c:\windows\system32\services.exe: error at offset 0: Permission denied

md5deep: c:\windows\system32\lsass.exe: error at offset 0: Permission denied

md5deep: c:\windows\system32\spoolsv.exe: error at offset 0: Permission denied
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-03-07 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"pkMXrrFog"= {5C0434E1-F6AE-9E4B-A8B3-229277981D42} - c:\windows\system32\mmuod.dll [2006-03-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xdcppd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"= ctwdm32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Service Manager.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-03-02 13:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-10 09:51 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
--a------ 2007-07-24 18:03 102400 c:\program files\Orange HSS\SessionManager\SessionManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
--a------ 2007-07-24 18:55 94208 c:\program files\Orange HSS\Systray\SystrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 00:00 90112 c:\windows\Updreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 OneStepSearch Service;OneStepSearch Service;c:\program files\OneStep\onestep.exe c:\program files\OneStep\onestep.dll Service [ ]
R3 VX1000;VX-1000;c:\windows\system32\DRIVERS\VX1000.sys [2007-04-10 1966312]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]
.
Contenu du dossier 'Tâches planifiées'

2008-11-03 c:\windows\Tasks\A3D78B95917C0119.job
- c:\docume~1\yoshur~1\applic~1\admina~1\vc show camp.exe []

2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-05-26 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- c:\windows\vVX1000.exe [2007-04-10 22:46]

2008-10-31 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-04-19 21:42]

2008-06-11 c:\windows\Tasks\rpc.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2007-04-12 14:24]
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
BHO-{51EF787E-F358-4CC9-8688-4E73E9DCDB8D} - c:\windows\system32\mlJBSmJc.dll
BHO-{6980EA3A-54AB-5929-8C4D-2BC07755D0B8} - c:\windows\system32\dxq.dll
BHO-{d28d2901-4b44-449a-bc6d-964d7bfd9e5d} - c:\windows\system32\xdcppd.dll
BHO-{E4437BEE-7CBF-4185-9EA0-D5C5326A3B60} - c:\windows\system32\tuvWmNHy.dll
Toolbar-{631ac2d4-57b3-42b0-a148-da33b462c1a3} - (no file)
WebBrowser-{631AC2D4-57B3-42B0-A148-DA33B462C1A3} - (no file)
HKCU-Run-keuik - c:\documents and settings\nathalie\local settings\application data\keuik.exe
HKCU-Run-ckggiim - c:\documents and settings\nathalie\local settings\application data\ckggiim.exe
ShellExecuteHooks-{51EF787E-F358-4CC9-8688-4E73E9DCDB8D} - c:\windows\system32\mlJBSmJc.dll
MSConfigStartUp-5c04344f - c:\windows\system32\vgvbnxrq.dll
MSConfigStartUp-Flash Player2 - c:\docume~1\YOSHUR~1\LOCALS~1\Temp\services.exe
MSConfigStartUp-Instafinder - c:\program files\Instafinder\instafinder.exe
MSConfigStartUp-KAZAA - c:\program files\Kazaa\kazaa.exe
MSConfigStartUp-OPTENET_GUI - c:\progra~1\CONTRO~1\bin\optgui.exe
MSConfigStartUp-P2P Networking - c:\windows\system32\P2P Networking\P2P Networking.exe
MSConfigStartUp-runner1 - c:\windows\mrofinu1148.exe
MSConfigStartUp-SeekmoOE - c:\program files\Seekmo\bin\10.0.370.0\OEAddOn.exe
MSConfigStartUp-SeekmoSA - c:\program files\Seekmo\bin\10.0.370.0\SeekmoSA.exe
MSConfigStartUp-Spyware-Secure - c:\program files\Spyware-Secure\Spyware-Secure_trial.exe
MSConfigStartUp-Windows Service - c:\documents and settings\yos hurtado\giskwh.exe

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Nathalie\Application Data\Mozilla\Firefox\Profiles\wcgpwmzl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.lo.st
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 17:17:58
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\documents and settings\Nathalie\Local Settings\Application Data\Microsoft\Messenger\nathalie-sophie-74@hotmail.fr\SharingMetadata\Working\database_345C_476_5C04_34E0\$db_clean$ 0 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\FTRTSVC.exe
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\OneStep\onestep.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\OneStep\onestep.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Heure de fin: 2008-11-03 17:28:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-03 16:28:35

Avant-CF: 110 835 265 536 octets libres
Après-CF: 111,151,783,936 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

480 --- E O F --- 2008-11-03 16:27:19
0

Anonymous user
 
Re,

Please run a new HijackThis scan.

Thanks
0
coucky Posts 19 Status Member
 
Here it is
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:08, on 03/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OneStep\onestep.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\OneStep\onestep.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\yos hurtado\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: xdcppd.dll
O21 - SSODL: pkMXrrFog - {5C0434E1-F6AE-9E4B-A8B3-229277981D42} - C:\WINDOWS\system32\mmuod.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneStepSearch Service - OneStepSearch.net, Inc. - C:\Program Files\OneStep\onestep.exe
0
Anonymous user
 
Re,

- Download and install Malwarebytes' Anti-Malware
Malwarebytes

- Update it

---

- Restart in safe mode:

When your PC restarts, tap the F8 or F5 key repeatedly; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual session, not the Administrator session.
---

- Double-click the Malwarebytes' Anti-Malware shortcut on the desktop.
- Select Perform full scan if it is not already selected
- Click Scan

- Once the scan has finished, a window opens; click OK

- If Malwarebytes has detected nothing, click OK. A report will appear; close it.

- If Malwarebytes has detected infections, click Show Results, then Remove Selected

- Save the report to your Desktop so that it is easier to find, then post that report.

Note: If Malwarebytes needs to restart to finish the removal, accept by clicking OK

Tutorial for Malwarebytes' Anti-Malware
0
coucky Posts 19 Status Member
 
Good evening,
I spent more than 3 hours running Malwarebytes (this morning, since my problem with the white cross in the red circle was solved, I was so happy). Just to tell you that I have been on the site for nearly 72 hours now; it's hard for me because I get up early tomorrow. So, during the 3 hours: within ten minutes I had 5 infected files, then it started again, up to 105 after two hours, and after that, there you go. When I restarted in safe mode everything was in colour, unlike yesterday, and also, indeed, I now press F8, whereas I used to press F10. You'll have to tell me your record for a correspondence in hours (I'm joking). Anyway, I don't know why I have 2 reports, so here they are:
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1354
Windows 5.1.2600 Service Pack 2

03/11/2008 21:53:39
mbam-log-2008-11-03 (21-53-26).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 230782
Temps écoulé: 3 hour(s), 15 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 109

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestep (Adware.OneStepSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\OneStep (Adware.OneStepSearch) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\mario.HURTADO-E725D7B\Bureau\Codec.exe (Trojan.FakeCodec) -> No action taken.
C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinnerDll.dll (Rogue.MessengerSkinner) -> No action taken.
C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinnerDll_new.dll (Rogue.MessengerSkinner) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\APPATC~1\dvdplay.exe.vir (Adware.ClickSpring) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\SEMBLY~1\dexplore.exe.vir (Adware.ClickSpring) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\almfoaof.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bcozmy.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\czrxsw.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dgodppng.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dhcifooo.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dqgzxj.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dxq.dll.vir (Adware.ClickSpring) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fuxfgwcp.exe.vir (Trojan.LowZones) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\goqdamqr.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jnsofq.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jrfkhh.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kcuciysw.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kwivbl.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJBSmJc.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\niazwb.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nqcgfoqb.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\oenwiarc.exe.vir (Trojan.LowZones) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qltsuecu.exe.vir (Trojan.LowZones) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qoiscemb.exe.vir (Trojan.LowZones) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tiftarpi.exe.vir (Trojan.LowZones) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tkhdcbaj.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvTjJbY.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvWmNHy.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tyeupl.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wlevqpgh.exe.vir (Trojan.LowZones) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxkcwj.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP30\A0038766.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP30\A0039800.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP30\A0039805.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP32\A0043193.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP32\A0043206.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP32\A0043208.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP32\A0044178.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP33\A0048253.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP33\A0049266.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP33\A0049273.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP34\A0052331.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP40\A0054530.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP40\A0054531.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP40\A0054535.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP42\A0057575.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP42\A0058566.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP42\A0058567.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP50\A0061782.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP50\A0062774.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP50\A0062826.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP50\A0064852.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP55\A0068047.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP55\A0068054.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP56\A0070099.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP56\A0072117.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP57\A0075154.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP57\A0075155.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP58\A0076170.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP58\A0079179.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP63\A0096375.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP63\A0096376.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP64\A0096415.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP65\A0097487.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP65\A0098520.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP65\A0100520.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP68\A0102685.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP69\A0114937.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP69\A0121262.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP69\A0121263.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP70\A0122281.EXE (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP70\A0122283.DLL (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP70\A0122284.DLL (Adware.AskSBAR) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP70\A0122285.DLL (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122338.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122346.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122349.exe (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122352.dll (Adware.ClickSpring) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122355.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122359.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122363.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122365.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122366.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122368.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122375.exe (Trojan.LowZones) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122378.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122394.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122397.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122402.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122404.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122410.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122412.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122413.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122415.exe (Trojan.LowZones) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122423.exe (Trojan.LowZones) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122425.exe (Trojan.LowZones) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122435.exe (Trojan.LowZones) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122437.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122440.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122441.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122443.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122453.exe (Trojan.LowZones) -> No action taken.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122460.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\OneStep\home.js (Adware.OneStepSearch) -> No action taken.
C:\Program Files\OneStep\onestep.dll (Adware.OneStepSearch) -> No action taken.
C:\Program Files\OneStep\onestep.exe (Adware.OneStepSearch) -> No action taken.
C:\Program Files\OneStep\osopt.exe (Adware.OneStepSearch) -> No action taken.
C:\Program Files\OneStep\readme.html (Adware.OneStepSearch) -> No action taken.
C:\Program Files\OneStep\uninstall.exe (Adware.OneStepSearch) -> No action taken.

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1354
Windows 5.1.2600 Service Pack 2

03/11/2008 21:54:35
mbam-log-2008-11-03 (21-54-35).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 230782
Temps écoulé: 3 hour(s), 15 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 109

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\onestep (Adware.OneStepSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\OneStep (Adware.OneStepSearch) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\mario.HURTADO-E725D7B\Bureau\Codec.exe (Trojan.FakeCodec) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinnerDll.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nathalie\Bureau\MessengerSkinner\MessengerSkinnerDll_new.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\APPATC~1\dvdplay.exe.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\SEMBLY~1\dexplore.exe.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\almfoaof.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bcozmy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\czrxsw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dgodppng.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dhcifooo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dqgzxj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dxq.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fuxfgwcp.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\goqdamqr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jnsofq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jrfkhh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kcuciysw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kwivbl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mlJBSmJc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\niazwb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nqcgfoqb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\oenwiarc.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qltsuecu.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qoiscemb.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tiftarpi.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tkhdcbaj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvTjJbY.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tuvWmNHy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tyeupl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wlevqpgh.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxkcwj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP30\A0038766.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP30\A0039800.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP30\A0039805.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP32\A0043193.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP32\A0043206.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP32\A0043208.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP32\A0044178.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP33\A0048253.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP33\A0049266.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP33\A0049273.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP34\A0052331.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP40\A0054530.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP40\A0054531.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP40\A0054535.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP42\A0057575.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP42\A0058566.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP42\A0058567.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP50\A0061782.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP50\A0062774.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP50\A0062826.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP50\A0064852.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP55\A0068047.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP55\A0068054.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP56\A0070099.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP56\A0072117.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP57\A0075154.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP57\A0075155.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP58\A0076170.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP58\A0079179.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP63\A0096375.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP63\A0096376.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP64\A0096415.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP65\A0097487.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP65\A0098520.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP65\A0100520.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP68\A0102685.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP69\A0114937.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP69\A0121262.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP69\A0121263.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP70\A0122281.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP70\A0122283.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP70\A0122284.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP70\A0122285.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122338.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122346.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122349.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122352.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122355.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122359.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122363.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122365.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122366.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122368.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122375.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122378.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122394.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122397.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122402.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122404.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122412.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122413.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122415.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122423.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122425.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122435.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122437.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122440.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122441.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122443.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122453.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP71\A0122460.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\onestep.dll (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\onestep.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\osopt.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\uninstall.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.

Now every time I copy and paste, I am asked whether I allow it for the clipboard,
well, there you go
0
Anonymous user
 
Re,

OK.

Can you do another HijackThis for me?

Thanks.
0
coucky Posts: 19 Status: Member
 
Here you go,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:05, on 03/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\yos hurtado\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: xdcppd.dll
O21 - SSODL: pkMXrrFog - {5C0434E1-F6AE-9E4B-A8B3-229277981D42} - C:\WINDOWS\system32\mmuod.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneStepSearch Service - Unknown owner - C:\Program Files\OneStep\onestep.exe (file missing)
0
Anonymous user
 
Re,

Now do this:

--> Download UsbFix (by Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings.

--> Plug your external storage devices into your PC (USB key, external hard drive, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.

--> The PC will restart.

--> After the restart, post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the disk.

(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)
0
coucky Posts: 19 Status: Member
 
OK, it's done. Tell me, goldorak (is that for your generation?) and 59 (is that your département? I don't think it's your year of birth.)

So, where am I? You are having me do lots of things I don't understand at all. This morning, I thought everything was finished. It is still 11 p.m., I'm stalling. However, I still have the 2 shields, the yellow one and the red one, but anyway, here is the report,

-------------- UsbFix V2.395 ---------------

* User : Nathalie - HURTADO-E725D7B
* Outils mis a jours le 03/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 23:01:01 le 03/11/2008
* Windows Xp - Internet Explorer 6.0.2900.2180

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\Nathalie\LOCALS~1\Temp\1.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

--------------- [ Registre / Startup ] ----------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

--------------- [ Registre / Mountpoint2 ] ----------------

-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------

--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[24/09/2007 12:15][--a------] C:\AUTOEXEC.BAT
[02/03/2006 13:00][-rahs----] C:\NTDETECT.COM
[03/11/2008 17:08][-rahs----] C:\boot.ini

--------------- ! Fin du rapport ! ----------------
0
Anonymous user
 
Relaunch HijackThis and click "Do a system scan only".
Then find these lines and tick the boxes:

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\yos hurtado\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)

Then click "Fix checked".

=>>Then make a new HijackThis report.

Thanks.
0
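The step above ticks an entry that HijackThis marks `(file missing)`. As an added example (not part of the original thread, and not code from HijackThis or Malwarebytes), this Python script parses both log formats as they appear in this thread and lists every autostart entry whose target no longer exists, noting which ones were left behind by the scanner's own cleanup; the function names are hypothetical and the sample lines are excerpts from the logs posted here.

```python
import re

# Sample input: excerpts in the two log formats posted in this thread
# (HijackThis 2.0.2 entries and Malwarebytes infected-file lines).
HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\yos hurtado\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: OneStepSearch Service - Unknown owner - C:\Program Files\OneStep\onestep.exe (file missing)
"""

SCANNER_SAMPLE = r"""
C:\Program Files\OneStep\onestep.dll (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStep\onestep.exe (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxkcwj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# "O23 - Service: ..." -> section code and the rest of the line.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path in the entry, up to a known file extension.
TARGET_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|lnk)", re.IGNORECASE)
# "<path> (<detection>) -> <action>"
REMOVED_RE = re.compile(r"^([A-Za-z]:\\.+?) \(([\w.]+)\) -> (.+)$")


def parse_hijackthis(text):
    """Return one dict per R/O entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        target = TARGET_RE.search(body)
        entries.append({
            "code": code,
            "body": body,
            "target": target.group(0) if target else None,
            "missing": body.endswith("(file missing)"),
        })
    return entries


def parse_removed(text):
    """Map lower-cased path -> detection name for files the scanner deleted."""
    removed = {}
    for line in text.splitlines():
        m = REMOVED_RE.match(line.strip())
        if m and "deleted successfully" in m.group(3).lower():
            removed[m.group(1).lower()] = m.group(2)
    return removed


def orphaned_autostarts(entries, removed):
    """List (code, target, detection) for entries pointing at a missing file.

    detection is the scanner's name for the file if the scanner deleted it,
    or None when the log gives no reason for the file being absent.
    """
    report = []
    for entry in entries:
        if not entry["missing"] or entry["target"] is None:
            continue
        detection = removed.get(entry["target"].lower())
        report.append((entry["code"], entry["target"], detection))
    return report


if __name__ == "__main__":
    found = orphaned_autostarts(parse_hijackthis(HIJACKTHIS_SAMPLE),
                                parse_removed(SCANNER_SAMPLE))
    for code, target, detection in found:
        reason = f"deleted by scanner as {detection}" if detection else "no removal record"
        print(f"{code}: {target} ({reason})")
```

On these excerpts it reports the O9 IMVU button that the helper asks to fix and also the O23 OneStepSearch service, whose executable the scanner had already deleted.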
coucky Posts: 19 Status: Member
 
Here you go,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:29:04, on 03/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange HSS\browser\browser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: xdcppd.dll
O21 - SSODL: pkMXrrFog - {5C0434E1-F6AE-9E4B-A8B3-229277981D42} - C:\WINDOWS\system32\mmuod.dll
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OneStepSearch Service - Unknown owner - C:\Program Files\OneStep\onestep.exe (file missing)
0
Anonymous user
 
Re,

Can you run another scan with Malwarebytes?

Please.

Thanks.
0
coucky Posts: 19 Status: Member
 
No, not tonight, earlier it took me more than 3 hours and I get up at 6 tomorrow, so there it is, I would like you to give me a link for an antivirus and I will come back to the site tomorrow afternoon, and above all thanks again.
Nathalie
0
Anonymous user
 
Re,

OK.

Antivir

and the firewall that goes well with it:

Comodo

and the tutorial that explains everything to you: COMODO tutorial

See you tomorrow.
0
coucky Posts: 19 Status: Member
 
Hello,

There, I ran Malwarebytes this morning, 4 infections (Trojan Fake Codec, Rogue messenger twice
and Rootkit Agent), here is the report (but more than 3 hours is too long for a full scan), I won't do it again.
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1354
Windows 5.1.2600 Service Pack 2

04/11/2008 11:07:11
mbam-log-2008-11-04 (11-07-11).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 231674
Temps écoulé: 3 hour(s), 13 minute(s), 26 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP73\A0124758.exe (Trojan.FakeCodec) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP73\A0124759.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP73\A0124760.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BAB077D8-141B-43AC-869A-7BB85C14B803}\RP73\A0124767.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
0
Anonymous user
 
Re,

Delete the quarantine, restart the PC and then redo

Download MsnCleaner.zip by ElPiedra:

http://www.clubic.com/lancer-le-telechargement-53800-0-msncleaner.html

Unzip it to your desktop. (Right-click the .zip file, then "Extract all").

Start in safe mode.

/!\ Never start in safe mode via MSCONFIG /!\

How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the startup options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (and not Administrator).
Warning: no connection is possible in safe mode, so copy or print the procedure carefully to avoid mistakes ...

· Click MsnCleaner.exe to launch it.
· Under Language, click the small arrow and choose French.
· Click the Analyse button.
->If the tool finds an infection, click the Supprimer button.
· At the end of the scan a report will be created.

-> Restart your PC (normal mode).

Post the report C:\MsnCleaner\MsnCleaner.txt in your next reply ...
0
coucky Posts: 19 Status: Member
 
so there you go,
nothing special there
- Rapport MSNCleaner 1.3.7
- Rapport créé: 04/11/2008 on 13:44:32
- Système d'exploitation: Windows XP
- Mode de démarrage: Mode sans échec
_________________________________________

Fichiers détectés: 0
Fichiers supprimés: 0
Fichiers non supprimés: 0

<<<<<<< Pas de fichiers trouvés >>>>>>>
0