Un petit Scan HiJackThis - il est très court
polothentik
Messages postés
32
Statut
Membre
-
jericho1212 -
jericho1212 -
Bonjour,
Bon... ayant fais l'acquisition d'un nouvel ordinateur (un MAC :D)... je recycle mon vieil ordnateuri portable pour le consacrer pleinement aux Calculs Numériques... J'ai donc entamé en grand ménage d'Hiver... Pour terminer mon petit ménage comme il se doit je sollicite les conseils d'un expert en LOG HiJackThis... nous cherchons du suspicieux viral si vous voyez ce que je veux dire...
Voici le Log (il est court... me semble t-il ?) :
Logfile of HijackThis v1.99.1
Scan saved at 16:06:56, on 21/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Companion.JS BHO - {ADDEE521-F1CC-4B89-8C88-B2CF625B9163} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Companion.JS - {0402343A-B530-482b-AA27-A61CEC3E4D2E} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: hpdj01 - HP - C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\hpdj01.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Merci d'avance de m'aider à éradiquer la menace viral...
A Tchô
Bon... ayant fais l'acquisition d'un nouvel ordinateur (un MAC :D)... je recycle mon vieil ordnateuri portable pour le consacrer pleinement aux Calculs Numériques... J'ai donc entamé en grand ménage d'Hiver... Pour terminer mon petit ménage comme il se doit je sollicite les conseils d'un expert en LOG HiJackThis... nous cherchons du suspicieux viral si vous voyez ce que je veux dire...
Voici le Log (il est court... me semble t-il ?) :
Logfile of HijackThis v1.99.1
Scan saved at 16:06:56, on 21/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Companion.JS BHO - {ADDEE521-F1CC-4B89-8C88-B2CF625B9163} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Companion.JS - {0402343A-B530-482b-AA27-A61CEC3E4D2E} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: hpdj01 - HP - C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\hpdj01.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Merci d'avance de m'aider à éradiquer la menace viral...
A Tchô
Configuration: Windows XP Firefox 3.0.4
A voir également:
- Un petit Scan HiJackThis - il est très court
- Hijackthis - Télécharger - Antivirus & Antimalwares
- Scan qr code pc - Guide
- Sfc scan - Guide
- Trier du plus petit au plus grand excel - Guide
- Router scan v3.60 - Forum Logiciels
18 réponses
Salut,
Telecharge UsbFix sur ton bureau
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
-->choisis l option 1 (nettoyage)
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Telecharge UsbFix sur ton bureau
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
-->choisis l option 1 (nettoyage)
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
slt
il faut mettre a jour internet explorer avec la version 7 et adobe avec la version 9
coté infection effectivement il y en a une qui transite par les clé usb, disque externe...
ici:
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
pour cela:
Telecharge UsbFix sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
il faut mettre a jour internet explorer avec la version 7 et adobe avec la version 9
coté infection effectivement il y en a une qui transite par les clé usb, disque externe...
ici:
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
pour cela:
Telecharge UsbFix sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
tu a un virus
suis ces instructions
1: Crée un fichier texte et copie ceci dedans
del /F /A:RH autorun.inf
renomme ce fichier en delautorun.bat et copie le dans chaque disque, clé usb etc. il va te permettre d'effacer un autorun caché et protégé sans avoir a ouvrir ton disque dur, et sans que tu puisse le voir (puisque ckvo t'empeche de voir les fichiers cachés le ptit malin)
2: Démarrer > Exécuter > tape "msconfig" > va dans "démarrage", retire de la liste de démarrage "ckvo" (ou autre);
3: il te demande de rebooter >> ok
puis vas dans Démarrer> exécuter> regedit.
la dedans fais une recherche de "ckvo". vire toutes les entrées qu'il trouve jusqu'a "recherche dans le registre terminée). pareil pour amvo
4: Démarrer > Exécuter > tape c:/delautorun.bat, pour empêcher que le virus de se duplique. Répéte cette manip pour chaque disque (d:/delautorun.bat...)comme ca tu peux ouvrir chaque disque sans réactiver le virus (pour etre sur que l'autorun est viré, tu peux faire un démarrer> exécuter> c:/autorun.inf. "s'il le trouve pas c'est bon")
suis ces instructions
1: Crée un fichier texte et copie ceci dedans
del /F /A:RH autorun.inf
renomme ce fichier en delautorun.bat et copie le dans chaque disque, clé usb etc. il va te permettre d'effacer un autorun caché et protégé sans avoir a ouvrir ton disque dur, et sans que tu puisse le voir (puisque ckvo t'empeche de voir les fichiers cachés le ptit malin)
2: Démarrer > Exécuter > tape "msconfig" > va dans "démarrage", retire de la liste de démarrage "ckvo" (ou autre);
3: il te demande de rebooter >> ok
puis vas dans Démarrer> exécuter> regedit.
la dedans fais une recherche de "ckvo". vire toutes les entrées qu'il trouve jusqu'a "recherche dans le registre terminée). pareil pour amvo
4: Démarrer > Exécuter > tape c:/delautorun.bat, pour empêcher que le virus de se duplique. Répéte cette manip pour chaque disque (d:/delautorun.bat...)comme ca tu peux ouvrir chaque disque sans réactiver le virus (pour etre sur que l'autorun est viré, tu peux faire un démarrer> exécuter> c:/autorun.inf. "s'il le trouve pas c'est bon")
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Et bien dis donc... merci beaucoup pour votre réactivité...
Pour plus de clarté, et comme tout le monde semble s'être mis d'accord... je vais respecter seulement les consignes de Chiquitine29...
Alors voilà, j'ai fais un scan UsbFix avec 2 clés USB (lecteur E: et F:) connectées... Le UsbFix.txt est le suivant... (indigeste à mon goût) - Ah! Tiens! je viens de m'apercevoir que c'est Chiquitine29 qui le met à jour ce soft... je mettrai donc un bémol à mon "indigeste" :) :
-------------- UsbFix V2.411 ---------------
* User : hamelin garrec paul - DELL
* Outils mis a jours le 21/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 21:15:36 le 21/11/2008
* Windows Xp - Internet Explorer 6.0.2900.2180
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
E: - Lecteur amovible
F: - Lecteur amovible
+- Contenu de l'autorun : C:\autorun.inf
;7a4ok2DCSdpd3307Dps8KA23w60mUerSsHrDOw9d0fwLeJ8kafl0oDae7kLk7srsLkdioDd05KiS4ls24j
[AutoRun]
;S4lLDwosij32lo1DlLLKedqaL7kK1Oie22k88saaDr8wDakKwXi4qoird9k0l0IsiZoSkKiHnDiKk3DaAw2d42wK
open=abk.bat
;l4330s42LLaAJas025Lafaa4DsijLswkwok4rCia3lj3OldwdwXwiD4rKSZAd37SAkwk7kes2Kc
shell\open\Command=abk.bat
;kpjlqdAdss0aaZ5jwrKOoSsafAAa43reSrD2lJ01q2q74jJ1raw4e3sw2ii3
shell\open\Default=1
;FDnA071sso329Kd383kjK2K
shell\explore\Command=abk.bat
;52fZl77qJkw5lw5Ja1mkDa3keLwk44drk4iD9Dd32qjs21spkadajlAiaJka4a22wf6dl4kqio0rrKS3q5lLslk3dAi3i3LOwSdiaqKi4r9KeLl
+- Contenu de l'autorun : E:\autorun.inf
;7a4ok2DCSdpd3307Dps8KA23w60mUerSsHrDOw9d0fwLeJ8kafl0oDae7kLk7srsLkdioDd05KiS4ls24j
[AutoRun]
;S4lLDwosij32lo1DlLLKedqaL7kK1Oie22k88saaDr8wDakKwXi4qoird9k0l0IsiZoSkKiHnDiKk3DaAw2d42wK
open=abk.bat
;l4330s42LLaAJas025Lafaa4DsijLswkwok4rCia3lj3OldwdwXwiD4rKSZAd37SAkwk7kes2Kc
shell\open\Command=abk.bat
;kpjlqdAdss0aaZ5jwrKOoSsafAAa43reSrD2lJ01q2q74jJ1raw4e3sw2ii3
shell\open\Default=1
;FDnA071sso329Kd383kjK2K
shell\explore\Command=abk.bat
;52fZl77qJkw5lw5Ja1mkDa3keLwk44drk4iD9Dd32qjs21spkadajlAiaJka4a22wf6dl4kqio0rrKS3q5lLslk3dAi3i3LOwSdiaqKi4r9KeLl
+- Contenu de l'autorun : F:\autorun.inf
;7a4ok2DCSdpd3307Dps8KA23w60mUerSsHrDOw9d0fwLeJ8kafl0oDae7kLk7srsLkdioDd05KiS4ls24j
[AutoRun]
;S4lLDwosij32lo1DlLLKedqaL7kK1Oie22k88saaDr8wDakKwXi4qoird9k0l0IsiZoSkKiHnDiKk3DaAw2d42wK
open=abk.bat
;l4330s42LLaAJas025Lafaa4DsijLswkwok4rCia3lj3OldwdwXwiD4rKSZAd37SAkwk7kes2Kc
shell\open\Command=abk.bat
;kpjlqdAdss0aaZ5jwrKOoSsafAAa43reSrD2lJ01q2q74jJ1raw4e3sw2ii3
shell\open\Default=1
;FDnA071sso329Kd383kjK2K
shell\explore\Command=abk.bat
;52fZl77qJkw5lw5Ja1mkDa3keLwk44drk4iD9Dd32qjs21spkadajlAiaJka4a22wf6dl4kqio0rrKS3q5lLslk3dAi3i3LOwSdiaqKi4r9KeLl
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[21/11/2008 21:05][-r-hs----] C:\abk.bat
[21/11/2008 21:05][-r-hs----] C:\AUTOEXEC.BAT
[21/11/2008 21:05][-r-hs----] C:\tmp.bat
[21/11/2008 21:05][-r-hs----] C:\xk2n.bat
[29/12/2007 19:19][-rahs----] C:\NTDETECT.COM
[01/10/2008 15:19][-r-hs----] C:\otyh.cmd
[07/10/2008 11:40][-r-hs----] C:\itsduel.exe
[07/10/2008 11:40][-r-hs----] C:\StubInstaller.exe
[07/10/2008 11:40][-r-hs----] C:\UNWISE.EXE
[07/10/2008 11:40][-r-hs----] C:\ybj8df.exe
[29/12/2007 19:26][-rahs----] C:\boot.ini
[21/11/2008 21:13][-r-hs----] C:\autorun.inf
[31/12/2007 15:47][--a------] C:\ComboFix.txt
[31/12/2007 15:47][--a------] C:\MDL 1.1 Protocol Debug.txt
[31/12/2007 15:47][--a------] C:\UsbFix.txt
[31/12/2007 15:47][--a------] C:\xscan.txt
[18/09/2002 12:35][--a------] C:\CONFIG.SYS
[18/09/2002 12:35][--a------] C:\hiberfil.sys
[18/09/2002 12:35][--a------] C:\IO.SYS
[18/09/2002 12:35][--a------] C:\MSDOS.SYS
[18/09/2002 12:35][--a------] C:\pagefile.sys
[18/09/2002 12:35][--a------] C:\pv1jaw3o.sys
--------------- [ Lecteur E ] ----------------
E: - Lecteur amovible
+- Listing des fichiers présents :
[21/11/2008 21:05][-r-hs----] E:\abk.bat
[19/07/2008 13:50][-r-hs----] E:\ybj8df.exe
[21/11/2008 21:13][-r-hs----] E:\autorun.inf
--------------- [ Lecteur F ] ----------------
F: - Lecteur amovible
+- Listing des fichiers présents :
[21/11/2008 21:05][-r-hs----] F:\abk.bat
[21/11/2008 21:13][-r-hs----] F:\autorun.inf
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
BCMSMMSG=BCMSMMSG.exe
DadApp=C:\Program Files\Dell\AccessDirect\dadapp.exe
SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
DVDSentry=C:\WINDOWS\System32\DSentry.exe
NeroCheck=C:\WINDOWS\system32\NeroCheck.exe
LVCOMS=C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ORAHSSSessionManager=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18232250-f995-11da-87a8-000f1f256efa}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18232250-f995-11da-87a8-000f1f256efa}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18232250-f995-11da-87a8-000f1f256efa}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49440130-601a-11d9-856f-af272fedec78}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49440130-601a-11d9-856f-af272fedec78}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49440130-601a-11d9-856f-af272fedec78}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15eea-646c-11d8-83dc-000d56b35b82}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15eea-646c-11d8-83dc-000d56b35b82}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15eea-646c-11d8-83dc-000d56b35b82}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15f03-646c-11d8-83dc-000d56b35b82}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15f03-646c-11d8-83dc-000d56b35b82}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15f03-646c-11d8-83dc-000d56b35b82}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f38d23e-66dd-11dd-8a60-000f1f256efa}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f38d23e-66dd-11dd-8a60-000f1f256efa}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f38d23e-66dd-11dd-8a60-000f1f256efa}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb9cf99a-430a-11dd-8a55-000fb5842e59}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb9cf99a-430a-11dd-8a55-000fb5842e59}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb9cf99a-430a-11dd-8a55-000fb5842e59}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [07/10/2008 11:40][-r-hs----] C:\WINDOWS\system32\ckvo.exe
Supprimé ! - [21/11/2008 21:04][-r-hs----] C:\WINDOWS\system32\ckvo0.dll
Supprimé ! - [07/10/2008 11:40][-r-hs----] C:\WINDOWS\system32\ckvo1.dll
Supprimé ! - [21/11/2008 21:05][-r-hs----] C:\WINDOWS\system32\kamsoft.exe
C:\autorun.inf ~> fichier appelé : "C:\abk.bat" ( présent ! )
Supprimé ! - C:\abk.bat
E:\autorun.inf ~> fichier appelé : "E:\abk.bat" ( présent ! )
Supprimé ! - E:\abk.bat
F:\autorun.inf ~> fichier appelé : "F:\abk.bat" ( présent ! )
Supprimé ! - F:\abk.bat
Supprimé ! - [21/11/2008 21:13][-r-hs----] C:\autorun.inf
Supprimé ! - [07/10/2008 11:40][-r-hs----] C:\itsduel.exe
Supprimé ! - [01/10/2008 15:19][-r-hs----] C:\otyh.cmd
Supprimé ! - [21/09/2008 13:15][-r-hs----] C:\xk2n.bat
Supprimé ! - [21/11/2008 21:13][-r-hs----] E:\autorun.inf
Supprimé ! - [21/11/2008 21:13][-r-hs----] F:\autorun.inf
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[18/09/2002 12:35][--a------] C:\AUTOEXEC.BAT
[18/09/2002 12:35][--a------] C:\tmp.bat
[29/12/2007 19:19][-rahs----] C:\NTDETECT.COM
[31/10/2005 16:56][--a------] C:\StubInstaller.exe
[31/10/2005 16:56][--a------] C:\UNWISE.EXE
[31/10/2005 16:56][--a------] C:\ybj8df.exe
[29/12/2007 19:26][-rahs----] C:\boot.ini
[19/07/2008 13:50][-r-hs----] E:\ybj8df.exe
--------------- ! Fin du rapport ! ----------------
Voili voilo...
Merci d'avance
Pour plus de clarté, et comme tout le monde semble s'être mis d'accord... je vais respecter seulement les consignes de Chiquitine29...
Alors voilà, j'ai fais un scan UsbFix avec 2 clés USB (lecteur E: et F:) connectées... Le UsbFix.txt est le suivant... (indigeste à mon goût) - Ah! Tiens! je viens de m'apercevoir que c'est Chiquitine29 qui le met à jour ce soft... je mettrai donc un bémol à mon "indigeste" :) :
-------------- UsbFix V2.411 ---------------
* User : hamelin garrec paul - DELL
* Outils mis a jours le 21/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 21:15:36 le 21/11/2008
* Windows Xp - Internet Explorer 6.0.2900.2180
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
E: - Lecteur amovible
F: - Lecteur amovible
+- Contenu de l'autorun : C:\autorun.inf
;7a4ok2DCSdpd3307Dps8KA23w60mUerSsHrDOw9d0fwLeJ8kafl0oDae7kLk7srsLkdioDd05KiS4ls24j
[AutoRun]
;S4lLDwosij32lo1DlLLKedqaL7kK1Oie22k88saaDr8wDakKwXi4qoird9k0l0IsiZoSkKiHnDiKk3DaAw2d42wK
open=abk.bat
;l4330s42LLaAJas025Lafaa4DsijLswkwok4rCia3lj3OldwdwXwiD4rKSZAd37SAkwk7kes2Kc
shell\open\Command=abk.bat
;kpjlqdAdss0aaZ5jwrKOoSsafAAa43reSrD2lJ01q2q74jJ1raw4e3sw2ii3
shell\open\Default=1
;FDnA071sso329Kd383kjK2K
shell\explore\Command=abk.bat
;52fZl77qJkw5lw5Ja1mkDa3keLwk44drk4iD9Dd32qjs21spkadajlAiaJka4a22wf6dl4kqio0rrKS3q5lLslk3dAi3i3LOwSdiaqKi4r9KeLl
+- Contenu de l'autorun : E:\autorun.inf
;7a4ok2DCSdpd3307Dps8KA23w60mUerSsHrDOw9d0fwLeJ8kafl0oDae7kLk7srsLkdioDd05KiS4ls24j
[AutoRun]
;S4lLDwosij32lo1DlLLKedqaL7kK1Oie22k88saaDr8wDakKwXi4qoird9k0l0IsiZoSkKiHnDiKk3DaAw2d42wK
open=abk.bat
;l4330s42LLaAJas025Lafaa4DsijLswkwok4rCia3lj3OldwdwXwiD4rKSZAd37SAkwk7kes2Kc
shell\open\Command=abk.bat
;kpjlqdAdss0aaZ5jwrKOoSsafAAa43reSrD2lJ01q2q74jJ1raw4e3sw2ii3
shell\open\Default=1
;FDnA071sso329Kd383kjK2K
shell\explore\Command=abk.bat
;52fZl77qJkw5lw5Ja1mkDa3keLwk44drk4iD9Dd32qjs21spkadajlAiaJka4a22wf6dl4kqio0rrKS3q5lLslk3dAi3i3LOwSdiaqKi4r9KeLl
+- Contenu de l'autorun : F:\autorun.inf
;7a4ok2DCSdpd3307Dps8KA23w60mUerSsHrDOw9d0fwLeJ8kafl0oDae7kLk7srsLkdioDd05KiS4ls24j
[AutoRun]
;S4lLDwosij32lo1DlLLKedqaL7kK1Oie22k88saaDr8wDakKwXi4qoird9k0l0IsiZoSkKiHnDiKk3DaAw2d42wK
open=abk.bat
;l4330s42LLaAJas025Lafaa4DsijLswkwok4rCia3lj3OldwdwXwiD4rKSZAd37SAkwk7kes2Kc
shell\open\Command=abk.bat
;kpjlqdAdss0aaZ5jwrKOoSsafAAa43reSrD2lJ01q2q74jJ1raw4e3sw2ii3
shell\open\Default=1
;FDnA071sso329Kd383kjK2K
shell\explore\Command=abk.bat
;52fZl77qJkw5lw5Ja1mkDa3keLwk44drk4iD9Dd32qjs21spkadajlAiaJka4a22wf6dl4kqio0rrKS3q5lLslk3dAi3i3LOwSdiaqKi4r9KeLl
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[21/11/2008 21:05][-r-hs----] C:\abk.bat
[21/11/2008 21:05][-r-hs----] C:\AUTOEXEC.BAT
[21/11/2008 21:05][-r-hs----] C:\tmp.bat
[21/11/2008 21:05][-r-hs----] C:\xk2n.bat
[29/12/2007 19:19][-rahs----] C:\NTDETECT.COM
[01/10/2008 15:19][-r-hs----] C:\otyh.cmd
[07/10/2008 11:40][-r-hs----] C:\itsduel.exe
[07/10/2008 11:40][-r-hs----] C:\StubInstaller.exe
[07/10/2008 11:40][-r-hs----] C:\UNWISE.EXE
[07/10/2008 11:40][-r-hs----] C:\ybj8df.exe
[29/12/2007 19:26][-rahs----] C:\boot.ini
[21/11/2008 21:13][-r-hs----] C:\autorun.inf
[31/12/2007 15:47][--a------] C:\ComboFix.txt
[31/12/2007 15:47][--a------] C:\MDL 1.1 Protocol Debug.txt
[31/12/2007 15:47][--a------] C:\UsbFix.txt
[31/12/2007 15:47][--a------] C:\xscan.txt
[18/09/2002 12:35][--a------] C:\CONFIG.SYS
[18/09/2002 12:35][--a------] C:\hiberfil.sys
[18/09/2002 12:35][--a------] C:\IO.SYS
[18/09/2002 12:35][--a------] C:\MSDOS.SYS
[18/09/2002 12:35][--a------] C:\pagefile.sys
[18/09/2002 12:35][--a------] C:\pv1jaw3o.sys
--------------- [ Lecteur E ] ----------------
E: - Lecteur amovible
+- Listing des fichiers présents :
[21/11/2008 21:05][-r-hs----] E:\abk.bat
[19/07/2008 13:50][-r-hs----] E:\ybj8df.exe
[21/11/2008 21:13][-r-hs----] E:\autorun.inf
--------------- [ Lecteur F ] ----------------
F: - Lecteur amovible
+- Listing des fichiers présents :
[21/11/2008 21:05][-r-hs----] F:\abk.bat
[21/11/2008 21:13][-r-hs----] F:\autorun.inf
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
WOOKIT=C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
BCMSMMSG=BCMSMMSG.exe
DadApp=C:\Program Files\Dell\AccessDirect\dadapp.exe
SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
DVDSentry=C:\WINDOWS\System32\DSentry.exe
NeroCheck=C:\WINDOWS\system32\NeroCheck.exe
LVCOMS=C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
ORAHSSSessionManager=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18232250-f995-11da-87a8-000f1f256efa}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18232250-f995-11da-87a8-000f1f256efa}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18232250-f995-11da-87a8-000f1f256efa}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49440130-601a-11d9-856f-af272fedec78}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49440130-601a-11d9-856f-af272fedec78}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49440130-601a-11d9-856f-af272fedec78}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15eea-646c-11d8-83dc-000d56b35b82}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15eea-646c-11d8-83dc-000d56b35b82}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15eea-646c-11d8-83dc-000d56b35b82}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15f03-646c-11d8-83dc-000d56b35b82}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15f03-646c-11d8-83dc-000d56b35b82}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ec15f03-646c-11d8-83dc-000d56b35b82}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f38d23e-66dd-11dd-8a60-000f1f256efa}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f38d23e-66dd-11dd-8a60-000f1f256efa}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7f38d23e-66dd-11dd-8a60-000f1f256efa}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb9cf99a-430a-11dd-8a55-000fb5842e59}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb9cf99a-430a-11dd-8a55-000fb5842e59}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb9cf99a-430a-11dd-8a55-000fb5842e59}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [07/10/2008 11:40][-r-hs----] C:\WINDOWS\system32\ckvo.exe
Supprimé ! - [21/11/2008 21:04][-r-hs----] C:\WINDOWS\system32\ckvo0.dll
Supprimé ! - [07/10/2008 11:40][-r-hs----] C:\WINDOWS\system32\ckvo1.dll
Supprimé ! - [21/11/2008 21:05][-r-hs----] C:\WINDOWS\system32\kamsoft.exe
C:\autorun.inf ~> fichier appelé : "C:\abk.bat" ( présent ! )
Supprimé ! - C:\abk.bat
E:\autorun.inf ~> fichier appelé : "E:\abk.bat" ( présent ! )
Supprimé ! - E:\abk.bat
F:\autorun.inf ~> fichier appelé : "F:\abk.bat" ( présent ! )
Supprimé ! - F:\abk.bat
Supprimé ! - [21/11/2008 21:13][-r-hs----] C:\autorun.inf
Supprimé ! - [07/10/2008 11:40][-r-hs----] C:\itsduel.exe
Supprimé ! - [01/10/2008 15:19][-r-hs----] C:\otyh.cmd
Supprimé ! - [21/09/2008 13:15][-r-hs----] C:\xk2n.bat
Supprimé ! - [21/11/2008 21:13][-r-hs----] E:\autorun.inf
Supprimé ! - [21/11/2008 21:13][-r-hs----] F:\autorun.inf
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[18/09/2002 12:35][--a------] C:\AUTOEXEC.BAT
[18/09/2002 12:35][--a------] C:\tmp.bat
[29/12/2007 19:19][-rahs----] C:\NTDETECT.COM
[31/10/2005 16:56][--a------] C:\StubInstaller.exe
[31/10/2005 16:56][--a------] C:\UNWISE.EXE
[31/10/2005 16:56][--a------] C:\ybj8df.exe
[29/12/2007 19:26][-rahs----] C:\boot.ini
[19/07/2008 13:50][-r-hs----] E:\ybj8df.exe
--------------- ! Fin du rapport ! ----------------
Voili voilo...
Merci d'avance
Affiche tous les fichiers et dossiers :
Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «appliquer» pour valider les changements.
Et OK
supprime :
C:\tmp.bat
C:\ybj8df.exe
E:\ybj8df.exe
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher masquer les extensions dont le type est connu
Puis fais «appliquer» pour valider les changements.
Et OK
supprime :
C:\tmp.bat
C:\ybj8df.exe
E:\ybj8df.exe
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Merci Chiquitine29,
Je te poste le rapport de ToolsCleaner :
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\UsbFix.txt: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\ComboFix.exe: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\HijackThis.exe: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\hijackthis.log: trouvé !
C:\Documents and Settings\hamelin garrec paul\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\hamelin garrec paul\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\UsbFix\UsbFix.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\ComboFix.exe: supprimé !
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\hamelin garrec paul\Bureau\UsbFix.txt: supprimé !
C:\Documents and Settings\hamelin garrec paul\Bureau\UsbFix.lnk: supprimé !
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\hijackthis.log: supprimé !
C:\Documents and Settings\hamelin garrec paul\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
C:\Program Files\UsbFix\UsbFix.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\hamelin garrec paul\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Program Files\UsbFix: ERREUR DE SUPPRESSION !!
Est-ce que les antibiotiques ont fonctionnés ("Les antibiotiques... c'est pas systématique !") ?
Je te poste le rapport de ToolsCleaner :
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\UsbFix.txt: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\ComboFix.exe: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\HijackThis.exe: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\hijackthis.log: trouvé !
C:\Documents and Settings\hamelin garrec paul\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\hamelin garrec paul\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\UsbFix\UsbFix.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\ComboFix.exe: supprimé !
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\hamelin garrec paul\Bureau\UsbFix.txt: supprimé !
C:\Documents and Settings\hamelin garrec paul\Bureau\UsbFix.lnk: supprimé !
C:\Documents and Settings\hamelin garrec paul\Bureau\Multimédia\Curededesintox\hijackthis.log: supprimé !
C:\Documents and Settings\hamelin garrec paul\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
C:\Program Files\UsbFix\UsbFix.exe: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\hamelin garrec paul\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Program Files\UsbFix: ERREUR DE SUPPRESSION !!
Est-ce que les antibiotiques ont fonctionnés ("Les antibiotiques... c'est pas systématique !") ?
Télécharge HijackThis (outils de dignostic) ici :
-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
-> Clique sur Install ensuite sur I Accept
-> Clique sur Do a scan system and save log file
-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
-> Clique sur Install ensuite sur I Accept
-> Clique sur Do a scan system and save log file
-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
Merci Chiquitine29,
Voilà le scan HiJackThis,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:21, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Companion.JS BHO - {ADDEE521-F1CC-4B89-8C88-B2CF625B9163} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Companion.JS - {0402343A-B530-482b-AA27-A61CEC3E4D2E} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Voilà le scan HiJackThis,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:21, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Companion.JS BHO - {ADDEE521-F1CC-4B89-8C88-B2CF625B9163} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Companion.JS - {0402343A-B530-482b-AA27-A61CEC3E4D2E} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
désinstal java car pas a jours et telecharge et instal cette version :
https://www.java.com/fr/download/manual.jsp
met internet explorer a jours :
IE 7 : ftp://ftp.telecharger.com/01net/IE7Setup.exe
puis refais un scan hijackthis et post le rapport
https://www.java.com/fr/download/manual.jsp
met internet explorer a jours :
IE 7 : ftp://ftp.telecharger.com/01net/IE7Setup.exe
puis refais un scan hijackthis et post le rapport
Ok, j'ai donc mis à jour Java et IE7...
voilà le nouveau POST HiJackThis...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:12, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SYSTEM32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Companion.JS BHO - {ADDEE521-F1CC-4B89-8C88-B2CF625B9163} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Companion.JS - {0402343A-B530-482b-AA27-A61CEC3E4D2E} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
voilà le nouveau POST HiJackThis...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:12, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SYSTEM32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Companion.JS BHO - {ADDEE521-F1CC-4B89-8C88-B2CF625B9163} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Companion.JS - {0402343A-B530-482b-AA27-A61CEC3E4D2E} - C:\Program Files\Core Services\Companion.JS\CompanionJS.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
je suppose que antivir detect usbfix enfin un de ses composant
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
ensuite met a jours antivir lance le sacn et post le rapport stp
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
ensuite met a jours antivir lance le sacn et post le rapport stp
Ok, voilà le log ToolsCleaner :
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\HijackThis.lnk: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\hamelin garrec paul\Bureau\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
et voilàle log du scan Antivir :
Avira AntiVir Personal
Report file date: samedi 22 novembre 2008 16:23
Scanning for 1045520 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DELL
Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 15:21:08
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 15:21:09
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 15:21:10
ANTIVIR3.VDF : 7.1.0.122 154112 Bytes 21/11/2008 15:21:10
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 22/11/2008 15:21:16
AESCN.DLL : 8.1.1.5 123251 Bytes 22/11/2008 15:21:16
AERDL.DLL : 8.1.1.3 438645 Bytes 22/11/2008 15:21:15
AEPACK.DLL : 8.1.3.4 393591 Bytes 22/11/2008 15:21:15
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 22/11/2008 15:21:14
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 22/11/2008 15:21:14
AEHELP.DLL : 8.1.2.0 119159 Bytes 22/11/2008 15:21:13
AEGEN.DLL : 8.1.1.5 323956 Bytes 22/11/2008 15:21:12
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.5.1 172406 Bytes 22/11/2008 15:21:11
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 22/11/2008 15:21:11
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 22 novembre 2008 16:23
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'FTCOMModule.exe' - '1' Module(s) have been scanned
Scan process 'OraConfigRecover.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'CoreCom.exe' - '1' Module(s) have been scanned
Scan process 'ConnectivityManager.exe' - '1' Module(s) have been scanned
Scan process 'SystrayApp.exe' - '1' Module(s) have been scanned
Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
Scan process 'Launcher.exe' - '1' Module(s) have been scanned
Scan process 'wlancfg5.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'BCMSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '56' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\hamelin garrec paul\Local Settings\Temp\G33-tmp_.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '495b3d47.qua'!
C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\pspcrk.exe
[DETECTION] Is the TR/Agent.24628.D Trojan
[NOTE] The file was moved to '49984154.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP142\A0017908.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584316.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP142\A0018006.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958431e.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP142\A0018008.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958431f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP143\A0018086.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584324.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP143\A0018113.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584327.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP143\A0018114.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584329.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018127.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018152.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584332.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018154.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584334.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018303.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958433e.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018305.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958433f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018315.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584341.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018316.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584343.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018355.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584346.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018356.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584348.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018416.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958434f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018427.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584351.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018428.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584358.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018436.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958435a.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018437.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958435d.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018445.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584360.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018446.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584365.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP146\A0018467.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958436c.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP146\A0018497.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584370.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP146\A0018498.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584371.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018528.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584376.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018529.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584378.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018539.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958437a.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018540.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958437c.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018549.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018552.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958438a.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018559.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958438b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018560.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958438d.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018570.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958438e.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018571.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958438f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP148\A0018593.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584394.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP148\A0019576.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584396.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP148\A0019577.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584397.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019599.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958439b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019712.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843a1.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019714.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843a2.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019716.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843a3.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019733.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843a6.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019735.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843a7.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019738.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843a8.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019739.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843aa.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP150\A0019740.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843ad.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP150\A0019749.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843b0.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP150\A0019751.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843b2.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019757.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843b5.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019763.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843b7.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019765.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843b9.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019768.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843bb.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019769.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843bc.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019792.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843be.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019953.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843ca.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019955.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843cc.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019956.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843cd.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019962.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843cf.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019964.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843d1.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019966.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843d2.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019967.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843d4.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0020080.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843d8.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0020081.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843da.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0020089.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843dc.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0020092.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843de.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP157\A0020094.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843e1.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP157\A0020108.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843e4.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP157\A0020110.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843e5.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP158\A0020380.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843ff.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP159\A0020383.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584401.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP160\A0020597.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958440c.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP161\A0021086.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584423.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP162\A0021735.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584436.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP163\A0021752.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584439.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP164\A0021920.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584440.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP165\A0022206.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958444f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP166\A0022208.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584458.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP167\A0022575.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584469.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP168\A0022733.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958446f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP169\A0022905.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958447b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP170\A0023370.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958448c.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP171\A0023636.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495844a8.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP172\A0023787.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495844b9.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP173\A0023890.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495844bf.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP174\A0024046.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495844cc.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026219.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584522.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026418.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584529.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026420.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958452b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026541.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958452f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026542.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584531.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026543.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584532.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026544.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584534.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026629.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584539.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026653.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958453b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026654.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958453d.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026655.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958453f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026668.exe
[DETECTION] Is the TR/Vundo.DVD Trojan
[NOTE] The file was moved to '49584545.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP176\A0026794.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584555.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP189\A0027516.exe
[DETECTION] Is the TR/Agent.24628.D Trojan
[NOTE] The file was moved to '49584581.qua'!
C:\WINDOWS\orgnavi.dll
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] The file was moved to '498f45d1.qua'!
C:\WINDOWS\SYSTEM32\gasretyw0.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499b4887.qua'!
C:\WINDOWS\SYSTEM32\OLD77.tmp
[DETECTION] Is the TR/Vundo.DVD Trojan
[NOTE] The file was moved to '496c4965.qua'!
C:\WINDOWS\SYSTEM32\wwcibzwa.exe
[DETECTION] Contains recognition pattern of the DR/Hotbar.BQ dropper
[NOTE] The file was moved to '498b4a01.qua'!
C:\WINDOWS\SYSTEM32\ardCo01\ardCo011065.exe
[DETECTION] Is the TR/Dldr.VB.ccs Trojan
[NOTE] The file was moved to '498c4a00.qua'!
End of the scan: samedi 22 novembre 2008 19:05
Used time: 2:42:12 Hour(s)
The scan has been done completely.
8828 Scanning directories
389080 Files were scanned
107 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
105 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
388971 Files not concerned
6013 Archives were scanned
2 Warnings
107 Notes
Voilà... dis moi ce qu'il en est Chiquitine29... Merci
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\hamelin garrec paul\Bureau\HijackThis.lnk: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\hamelin garrec paul\Bureau\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
et voilàle log du scan Antivir :
Avira AntiVir Personal
Report file date: samedi 22 novembre 2008 16:23
Scanning for 1045520 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DELL
Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 15:21:08
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 15:21:09
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 16/11/2008 15:21:10
ANTIVIR3.VDF : 7.1.0.122 154112 Bytes 21/11/2008 15:21:10
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 22/11/2008 15:21:16
AESCN.DLL : 8.1.1.5 123251 Bytes 22/11/2008 15:21:16
AERDL.DLL : 8.1.1.3 438645 Bytes 22/11/2008 15:21:15
AEPACK.DLL : 8.1.3.4 393591 Bytes 22/11/2008 15:21:15
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 22/11/2008 15:21:14
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 22/11/2008 15:21:14
AEHELP.DLL : 8.1.2.0 119159 Bytes 22/11/2008 15:21:13
AEGEN.DLL : 8.1.1.5 323956 Bytes 22/11/2008 15:21:12
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.5.1 172406 Bytes 22/11/2008 15:21:11
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 22/11/2008 15:21:11
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 22 novembre 2008 16:23
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'FTCOMModule.exe' - '1' Module(s) have been scanned
Scan process 'OraConfigRecover.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'CoreCom.exe' - '1' Module(s) have been scanned
Scan process 'ConnectivityManager.exe' - '1' Module(s) have been scanned
Scan process 'SystrayApp.exe' - '1' Module(s) have been scanned
Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
Scan process 'Launcher.exe' - '1' Module(s) have been scanned
Scan process 'wlancfg5.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'BCMSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '56' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\hamelin garrec paul\Local Settings\Temp\G33-tmp_.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '495b3d47.qua'!
C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\pspcrk.exe
[DETECTION] Is the TR/Agent.24628.D Trojan
[NOTE] The file was moved to '49984154.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP142\A0017908.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584316.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP142\A0018006.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958431e.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP142\A0018008.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958431f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP143\A0018086.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584324.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP143\A0018113.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584327.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP143\A0018114.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584329.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018127.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018152.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584332.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018154.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584334.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018303.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958433e.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018305.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958433f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018315.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584341.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018316.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584343.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018355.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584346.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP144\A0018356.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584348.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018416.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958434f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018427.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584351.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018428.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584358.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018436.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958435a.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018437.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958435d.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018445.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584360.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP145\A0018446.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584365.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP146\A0018467.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958436c.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP146\A0018497.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584370.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP146\A0018498.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584371.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018528.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584376.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018529.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584378.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018539.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958437a.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018540.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958437c.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018549.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018552.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958438a.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018559.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958438b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018560.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958438d.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018570.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958438e.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP147\A0018571.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958438f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP148\A0018593.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584394.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP148\A0019576.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584396.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP148\A0019577.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584397.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019599.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4958439b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019712.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843a1.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019714.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843a2.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019716.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843a3.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019733.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843a6.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019735.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843a7.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019738.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843a8.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP149\A0019739.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843aa.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP150\A0019740.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843ad.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP150\A0019749.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843b0.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP150\A0019751.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843b2.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019757.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843b5.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019763.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843b7.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019765.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843b9.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019768.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843bb.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019769.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843bc.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP151\A0019792.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843be.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019953.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843ca.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019955.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843cc.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019956.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843cd.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019962.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843cf.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019964.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843d1.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019966.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843d2.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0019967.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843d4.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0020080.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843d8.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0020081.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843da.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0020089.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843dc.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP156\A0020092.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843de.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP157\A0020094.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843e1.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP157\A0020108.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '495843e4.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP157\A0020110.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843e5.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP158\A0020380.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495843ff.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP159\A0020383.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584401.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP160\A0020597.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958440c.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP161\A0021086.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584423.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP162\A0021735.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584436.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP163\A0021752.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584439.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP164\A0021920.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584440.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP165\A0022206.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958444f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP166\A0022208.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584458.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP167\A0022575.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584469.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP168\A0022733.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958446f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP169\A0022905.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958447b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP170\A0023370.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958448c.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP171\A0023636.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495844a8.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP172\A0023787.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495844b9.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP173\A0023890.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495844bf.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP174\A0024046.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495844cc.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026219.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584522.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026418.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584529.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026420.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958452b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026541.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958452f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026542.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584531.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026543.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584532.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026544.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584534.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026629.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49584539.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026653.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958453b.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026654.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958453d.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026655.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4958453f.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP175\A0026668.exe
[DETECTION] Is the TR/Vundo.DVD Trojan
[NOTE] The file was moved to '49584545.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP176\A0026794.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49584555.qua'!
C:\System Volume Information\_restore{2D081E92-40B0-4D11-86A6-AF667022EB05}\RP189\A0027516.exe
[DETECTION] Is the TR/Agent.24628.D Trojan
[NOTE] The file was moved to '49584581.qua'!
C:\WINDOWS\orgnavi.dll
[DETECTION] Is the TR/BHO.Gen Trojan
[NOTE] The file was moved to '498f45d1.qua'!
C:\WINDOWS\SYSTEM32\gasretyw0.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '499b4887.qua'!
C:\WINDOWS\SYSTEM32\OLD77.tmp
[DETECTION] Is the TR/Vundo.DVD Trojan
[NOTE] The file was moved to '496c4965.qua'!
C:\WINDOWS\SYSTEM32\wwcibzwa.exe
[DETECTION] Contains recognition pattern of the DR/Hotbar.BQ dropper
[NOTE] The file was moved to '498b4a01.qua'!
C:\WINDOWS\SYSTEM32\ardCo01\ardCo011065.exe
[DETECTION] Is the TR/Dldr.VB.ccs Trojan
[NOTE] The file was moved to '498c4a00.qua'!
End of the scan: samedi 22 novembre 2008 19:05
Used time: 2:42:12 Hour(s)
The scan has been done completely.
8828 Scanning directories
389080 Files were scanned
107 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
105 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
388971 Files not concerned
6013 Archives were scanned
2 Warnings
107 Notes
Voilà... dis moi ce qu'il en est Chiquitine29... Merci
Telecharge malwarebytes
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log
Voilà le rapport de MalwareBytes :
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 2
22/11/2008 22:01:39
mbam-log-2008-11-22 (22-01-32).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 124083
Temps écoulé: 1 hour(s), 46 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\orgnavi.video (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> No action taken.
HKEY_CLASSES_ROOT\AppID\orgnavi.dll (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> No action taken.
Fichier(s) infecté(s):
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrorsIntl.ico (Malware.Trace) -> No action taken.
Merci Chiquitine29... dis moi ce qu'il en est...
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 2
22/11/2008 22:01:39
mbam-log-2008-11-22 (22-01-32).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 124083
Temps écoulé: 1 hour(s), 46 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\orgnavi.video (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> No action taken.
HKEY_CLASSES_ROOT\AppID\orgnavi.dll (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> No action taken.
Fichier(s) infecté(s):
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrorsIntl.ico (Malware.Trace) -> No action taken.
Merci Chiquitine29... dis moi ce qu'il en est...
Excuse moi ! Sur ce coup là, je n'ai pas été très malin...
J'ai finalement "cliqué" le bouton supprimer...
Voilà le rapport MalwareBytes : (le rapport ToolsCleaner reste inchangé)
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 2
23/11/2008 00:32:34
mbam-log-2008-11-23 (00-32-34).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 124083
Temps écoulé: 1 hour(s), 46 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\orgnavi.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\orgnavi.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrorsIntl.ico (Malware.Trace) -> Quarantined and deleted successfully.
Désolé... Merci...
J'ai finalement "cliqué" le bouton supprimer...
Voilà le rapport MalwareBytes : (le rapport ToolsCleaner reste inchangé)
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 2
23/11/2008 00:32:34
mbam-log-2008-11-23 (00-32-34).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 124083
Temps écoulé: 1 hour(s), 46 minute(s), 23 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\orgnavi.video (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48d78be5-cfb9-4b66-9ac4-96d4cf21de06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{74d46bba-5638-473a-83b6-97e7804a7411} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5c3f6257-3e00-45c2-88d5-cb0f3a17bf0e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f87f145-dc2d-4766-af03-3a3b96ffad98} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8109b74c-f63f-43ea-84a4-3d43351c4021} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\orgnavi.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SalesMon (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMon\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrorsIntl.ico (Malware.Trace) -> Quarantined and deleted successfully.
Désolé... Merci...
Comment supprimer le virus abk.bat?
(source: http://electronicerror.blogspot.com/
Dans Démarrer\Executer taper: regedit puis valider sur OK
Dans la fenêtre qui s'ouvre aller dans:
HKEY_Curent_User\Software\Microsoft\Windows\CurrentVersion\Run kamsoft
Supprimer l'entrée Run Kamsoft
Redémarrer le pc
Pour rendre tous les fichiers de l'ordinateur visibles:
Panneau de configuration\Option des dossiers\Affichage
Cocher « Afficher les fichiers et dossiers cachés »
Décocher « Masquer les fichiers protégés du système d'exploitation »
Dans Démarrer\Executer taper: regedit puis valider sur OK
Dans la fenêtre qui s'ouvre aller dans: HKEY_local_machine>software>microsoft>windows>current version >explorer>advanced>folder>hidden>showall
double cliquer sur checkedvalue et lui donner la valeur 1
Ensuite effectuer une recherche sur l'ensemble de vos disques (il est préférable de le faire sur tous les disques utilisés sur le pc sinon vous risquez de vous ré-infecter), des fichiers abk.bat et autorun.inf
Supprimer tous les résultats trouvés.
Normalement votre pc est désinfecté.
(Vous pouvez ensuite redonner la valeur 0 à checkedvalue et recacher vos fichiers système et fichiers cachés.)
(source: http://electronicerror.blogspot.com/
Dans Démarrer\Executer taper: regedit puis valider sur OK
Dans la fenêtre qui s'ouvre aller dans:
HKEY_Curent_User\Software\Microsoft\Windows\CurrentVersion\Run kamsoft
Supprimer l'entrée Run Kamsoft
Redémarrer le pc
Pour rendre tous les fichiers de l'ordinateur visibles:
Panneau de configuration\Option des dossiers\Affichage
Cocher « Afficher les fichiers et dossiers cachés »
Décocher « Masquer les fichiers protégés du système d'exploitation »
Dans Démarrer\Executer taper: regedit puis valider sur OK
Dans la fenêtre qui s'ouvre aller dans: HKEY_local_machine>software>microsoft>windows>current version >explorer>advanced>folder>hidden>showall
double cliquer sur checkedvalue et lui donner la valeur 1
Ensuite effectuer une recherche sur l'ensemble de vos disques (il est préférable de le faire sur tous les disques utilisés sur le pc sinon vous risquez de vous ré-infecter), des fichiers abk.bat et autorun.inf
Supprimer tous les résultats trouvés.
Normalement votre pc est désinfecté.
(Vous pouvez ensuite redonner la valeur 0 à checkedvalue et recacher vos fichiers système et fichiers cachés.)
