Aide Pour Un Virus Win32: Trojan - Page 2

Précédent
  • 1
  • 2
  1. K-Verbal
     
    De toutes façon c'est bon j'ai trouver un autre lien qui m'indique le meme endroit...
    0
  2. neor Messages postés 1119 Statut Membre 30
     
    c'est le - qui donne le lien incomplet

    ok
    0
  3. K-Verbal
     
    Le rapport:

    F --------- Logfile of AD-Remover 1.0.5.4 by C_XX ---------

    # OPTION: Scan

    START at: 23:25:31 | 2008-11-30
    ON: Microsoft Windows XP [version 5.1.2600] ( Windows XP )
    Internet Explorer: [7.0.5730.13]
    EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
    USER: ERWAN ( Current user is an administrator )
    PC: PEREDAG
    BOOT MODE: Normal
    DRIVE(S): A:\
    -
    Systemdrive: C:\ (FAT32)

    --------- [ RUNNING PROCESSES ] ---------

    \SystemRoot\System32\smss.exe
    \??\C:\WINDOWS.000\system32\csrss.exe
    \??\C:\WINDOWS.000\system32\winlogon.exe
    C:\WINDOWS.000\system32\services.exe
    C:\WINDOWS.000\system32\lsass.exe
    C:\WINDOWS.000\system32\svchost.exe
    C:\WINDOWS.000\system32\svchost.exe
    C:\WINDOWS.000\System32\svchost.exe
    C:\WINDOWS.000\system32\svchost.exe
    C:\WINDOWS.000\System32\svchost.exe
    C:\WINDOWS.000\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.000\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS.000\system32\drivers\CDAC11BA.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\WINDOWS.000\system32\nvsvc32.exe
    C:\WINDOWS.000\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS.000\System32\svchost.exe
    C:\WINDOWS.000\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\WINDOWS.000\system32\frmwrk32.exe
    C:\WINDOWS.000\WebCam\M1000\M1000Mnt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS.000\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\WINDOWS.000\System32\alg.exe
    C:\WINDOWS.000\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS.000\System32\svchost.exe
    C:\WINDOWS.000\SYSTEM32\notepad.exe

    ---------------------------- [~> 42]

    +---------------------------------------------------------------------------+
    +------------------------------- SERVICES FOUND ..
    +---------------------------------------------------------------------------+

    Found ! - "Boonty Games"

    +---------------------------------------------------------------------------+
    +------------------------------- REGISTRY ELEMENTS FOUND ..
    +---------------------------------------------------------------------------+

    "HKEY_CURRENT_USER\SOFTWARE\Boonty"
    "HKEY_LOCAL_MACHINE\Software\Boonty"
    "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BOONTY_GAMES"
    "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Boonty Games"
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Boonty Games"
    "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"

    +---------------------------------------------------------------------------+
    +------------------------------- FILES\FOLDERS FOUND ..
    +---------------------------------------------------------------------------+

    [2007-12-28 19:47|d--------] C:\Program Files\Boonty
    [2007-12-28 19:47|d--------] C:\Program Files\BoontyGames
    [2007-12-28 19:47|d--------] C:\Program Files\Fichiers communs\BOONTY Shared
    [2007-12-28 19:47|d--------] C:\Documents and Settings\All Users\Application Data\BOONTY

    +---------------------------------------------------------------------------+
    +------------------------------- ADDED SCAN ..
    +---------------------------------------------------------------------------+

    +---------- Scanning prefs.js ... ( # Mozilla User Preferences )

    ...\owg2ym1o.default\prefs.js :

    ~~~~ Mozilla FireFox version ~~~~

    Start Page : "https://www.msn.com/fr-fr"

    +----------+

    +---------------------------------------------------------------------------+

    +--[HKEY_CURRENT_USER\...\Run]

    ctfmon.exe REG_SZ C:\WINDOWS.000\system32\ctfmon.exe
    Steam REG_SZ "C:\Program Files\Steam\Steam.exe" -silent
    IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    Netlog Music Tool REG_SZ "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
    swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    +--[HKEY_LOCAL_MACHINE\...\Run]

    NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS.000\system32\NvCpl.dll,NvStartup
    NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    Sony Ericsson PC Suite REG_SZ "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    M1000Mnt REG_SZ M1000Rmv.exe /StartStillMnt
    ORAHSSSessionManager REG_SZ C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    Framework Windows REG_SZ frmwrk32.exe
    SpywareCleaner REG_SZ C:\WINDOWS.000\system32\SpywareRemover.exe
    avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k

    +--[HKEY_USERS\.DEFAULT\...\Run]

    CTFMON.EXE REG_SZ C:\WINDOWS.000\System32\CTFMON.EXE

    +--[HKEY_CURRENT_USER\...\Internet Explorer\MAIN]

    Start Page : hxxp://www.orange.fr/

    +--[HKEY_LOCAL_MACHINE\...\Internet Explorer\MAIN]

    Start Page : hxxp://www.msn.com/

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 125 lines ]
    +---------------------------------------------------------------------------+
    0
  4. neor Messages postés 1119 Statut Membre 30
     
    ------------------------nettoyage----------------------------------

    relance ad remover choisi l'option B et coche boonty et colle le rapport de désinfection
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. K-Verbal
     
    c'est bon :

    F --------- Logfile of AD-Remover 1.0.5.4 by C_XX ---------

    # OPTION: Clean

    START at: 23:32:03 | 2008-11-30
    ON: Microsoft Windows XP [version 5.1.2600] ( Windows XP )
    Internet Explorer: [7.0.5730.13]

    *** Limited to ***

    Boonty/BoontyGames

    ******************

    EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
    USER: ERWAN ( Current user is an administrator )
    PC: PEREDAG
    BOOT MODE: Normal
    DRIVE(S): A:\
    -
    Systemdrive: C:\ (FAT32)

    --------- [ RUNNING PROCESSES ] ---------

    \SystemRoot\System32\smss.exe
    \??\C:\WINDOWS.000\system32\csrss.exe
    \??\C:\WINDOWS.000\system32\winlogon.exe
    C:\WINDOWS.000\system32\services.exe
    C:\WINDOWS.000\system32\lsass.exe
    C:\WINDOWS.000\system32\svchost.exe
    C:\WINDOWS.000\system32\svchost.exe
    C:\WINDOWS.000\System32\svchost.exe
    C:\WINDOWS.000\system32\svchost.exe
    C:\WINDOWS.000\System32\svchost.exe
    C:\WINDOWS.000\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS.000\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS.000\system32\drivers\CDAC11BA.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\WINDOWS.000\system32\nvsvc32.exe
    C:\WINDOWS.000\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS.000\System32\svchost.exe
    C:\WINDOWS.000\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\WINDOWS.000\system32\frmwrk32.exe
    C:\WINDOWS.000\WebCam\M1000\M1000Mnt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS.000\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
    C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
    C:\Program Files\Xfire\xfire.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\WINDOWS.000\System32\alg.exe
    C:\WINDOWS.000\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS.000\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    ---------------------------- [~> 42]

    (!) ---- IE start pages reset

    +---------------------------------------------------------------------------+
    +------------------------------- SERVICES DELETED ..
    +---------------------------------------------------------------------------+

    Deleted successfully ! - "Boonty Games"

    +---------------------------------------------------------------------------+
    +------------------------------- REGISTRY ELEMENTS DELETED ..
    +---------------------------------------------------------------------------+

    "HKEY_CURRENT_USER\SOFTWARE\Boonty"
    "HKEY_LOCAL_MACHINE\Software\Boonty"
    "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Boonty Games"

    +---------------------------------------------------------------------------+
    +------------------------------- FILES\FOLDERS DELETED ..
    +---------------------------------------------------------------------------+

    [2007-12-28 19:47|d--------] C:\Program Files\Boonty
    [2007-12-28 19:47|d--------] C:\Program Files\BoontyGames
    [2007-12-28 19:47|d--------] C:\Program Files\Fichiers communs\BOONTY Shared
    [2007-12-28 19:47|d--------] C:\Documents and Settings\All Users\Application Data\BOONTY

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    +---------------------------------------------------------------------------+
    +------------------------------- ADDED SCAN ..
    +---------------------------------------------------------------------------+

    +--[HKEY_CURRENT_USER\...\Run]

    ctfmon.exe REG_SZ C:\WINDOWS.000\system32\ctfmon.exe
    Steam REG_SZ "C:\Program Files\Steam\Steam.exe" -silent
    IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    Netlog Music Tool REG_SZ "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
    swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    +--[HKEY_LOCAL_MACHINE\...\Run]

    NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS.000\system32\NvCpl.dll,NvStartup
    NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    Sony Ericsson PC Suite REG_SZ "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    M1000Mnt REG_SZ M1000Rmv.exe /StartStillMnt
    ORAHSSSessionManager REG_SZ C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    Framework Windows REG_SZ frmwrk32.exe
    SpywareCleaner REG_SZ C:\WINDOWS.000\system32\SpywareRemover.exe
    avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    KernelFaultCheck REG_EXPAND_SZ %systemroot%\system32\dumprep 0 -k

    +--[HKEY_USERS\.DEFAULT\...\Run]

    CTFMON.EXE REG_SZ C:\WINDOWS.000\System32\CTFMON.EXE

    +--[HKEY_CURRENT_USER\...\Internet Explorer\MAIN]

    Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    +--[HKEY_LOCAL_MACHINE\...\Internet Explorer\MAIN]

    Start Page : hxxp://fr.msn.com/

    +---------------------------------------------------------------------------+
    +------------------------------- [ E.O.F - 121 lines ]
    +---------------------------------------------------------------------------+
    0
  7. neor Messages postés 1119 Statut Membre 30
     
    refais un log hijackthis
    0
    1. K-Verbal
       
      Hop hop hop

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:41, on 2008-11-30
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS.000\System32\smss.exe
      C:\WINDOWS.000\system32\winlogon.exe
      C:\WINDOWS.000\system32\services.exe
      C:\WINDOWS.000\system32\lsass.exe
      C:\WINDOWS.000\system32\svchost.exe
      C:\WINDOWS.000\System32\svchost.exe
      C:\WINDOWS.000\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS.000\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
      C:\WINDOWS.000\system32\drivers\CDAC11BA.EXE
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
      C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
      C:\WINDOWS.000\system32\nvsvc32.exe
      C:\WINDOWS.000\system32\PnkBstrA.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\WINDOWS.000\System32\svchost.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
      C:\WINDOWS.000\system32\frmwrk32.exe
      C:\WINDOWS.000\WebCam\M1000\M1000Mnt.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS.000\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
      C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
      C:\Program Files\Xfire\xfire.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\WINDOWS.000\system32\wscntfy.exe
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
      C:\WINDOWS.000\System32\svchost.exe
      C:\WINDOWS.000\system32\cmd.exe
      C:\WINDOWS.000\explorer.exe
      C:\WINDOWS.000\system32\NOTEPAD.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\ERWAN\Bureau\Sanner.exe.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
      O2 - BHO: (no name) - {167B1C9B-9C9B-4EC6-AAFA-81BFA3EB4170} - C:\WINDOWS.000\system32\khFvWqOI.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: SARpp Class - {E56B8A14-3F49-4397-A003-316395FE68A7} - C:\WINDOWS.000\system32\MSSAR32.dll
      O3 - Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.000\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
      O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
      O4 - HKLM\..\Run: [SpywareCleaner] C:\WINDOWS.000\system32\SpywareRemover.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.000\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.000\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.000\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.000\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.000\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Global Startup: D-Link AirPlus.lnk = ?
      O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
      O4 - Global Startup: Wireless Configuration Utility HW.00.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
      O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {76EE578D-314B-4755-8365-6E1722C001A2} (Bahu Photo Uploader) - https://bahu.com/BahuPhotoUploader.cab
      O16 - DPF: {8C2D1BF0-5364-403C-9968-E6E348C6B4FB} (VBIRDPlayer.Player) - http://www.iradiopop.com/IRD/sessionExpire.jsp
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
      O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - https://secure.gopetslive.com/dev/gopets.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O20 - Winlogon Notify: qoMGXnnn - qoMGXnnn.dll (file missing)
      O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS.000\system32\drivers\CDAC11BA.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.000\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS.000\system32\PnkBstrA.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      0
      1. K-Verbal > K-Verbal
         
        Etrangement ,la bulle d'information me disant que mon pc était infecté n'est plus là...Mais l'écran est toujours présent .
        0
  8. neor Messages postés 1119 Statut Membre 30
     
    désinstalle SpywareRemover
    0
    1. K-Verbal
       
      je le supprime manuellement, ou il existe une fonction de désinstallation?
      0
      1. neor Messages postés 1119 Statut Membre 30 > K-Verbal
         
        dans ajout supp de prog normalement
        0
      2. K-Verbal > K-Verbal
         
        J'ai également le fichier spywareremover.exe-35e2e3b.pf
        dois je le supprimer ?
        0
      3. neor Messages postés 1119 Statut Membre 30 > K-Verbal
         
        oui
        0
  9. neor Messages postés 1119 Statut Membre 30
     
    normalement y a un bon coup de propre de fait

    apres lance

    Lances Malwarebyte's .

    Fais un scan dit "complet" ( sélectionnes bien tous tes disks avant le scan ! ).

    --> Laisses le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    --> à la fin tu cliques sur "résultat" .
    --> Vérifies que tous les objets infectés soient validés, puis cliques sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

    apres

    un coup de toolscleaner http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute

    et

    pour les utilisateurs ayant vista

    réactive l' UAC...

    (tu le réactiveras après ta désinfection):

    * Vas dans démarrer puis panneau de configuration
    * Double Clique sur l'icône "Comptes d'utilisateurs"
    * Cliques ensuite sur "Activer ou désactiver le contrôle des comptes d'utilisateurs" et valide.

    il faudra faire l'inverse une fois la désinfection terminé

    après c'est fini
    sauf si une personne trouve autre chose

    sur ce bonne nuit
    0
  10. K-Verbal
     
    Ok si j'ai bien compris je supprime le fichier spywareremove et je suis tes indications !Merci beaucoup !
    0
  11. kath2
     
    Dsl j'ai oublié de vous dire que cette saloperie plante mon ordi régulièrement et le relenti un max au bout d'un moment merci aux pros
    0
  12. K-Verbal
     
    le rapport :

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1439
    Windows 5.1.2600 Service Pack 3

    2008-12-01 00:25:12
    mbam-log-2008-12-01 (00-25-11).txt

    Type de recherche: Examen complet (A:\|B:\|C:\|D:\|F:\|)
    Eléments examinés: 192686
    Temps écoulé: 30 minute(s), 38 second(s)

    Processus mémoire infecté(s): 1
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 8
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 5
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 9

    Processus mémoire infecté(s):
    C:\WINDOWS.000\SYSTEM32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{53425550-293A-4025-AE03-F568039CD622}\RP521\A0286740.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Avenger\khFvWqOI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Avenger\xkwyiw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Avenger\ogyrbujh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS.000\SYSTEM32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS.000\SYSTEM32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS.000\SYSTEM32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS.000\SYSTEM32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS.000\SYSTEM32\DRIVERS\etc\services (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    0
  13. K-Verbal
     
    C'est bon! J'ai l'impression que le virus est éradiquer , et mon fond d'écran n'est plus noir ,je peux enfin le changer!

    Merci beaucoup neor, j'espère que tu es payé pour ce que tu fais parce que cela ta pris beaucoup de temps! A la prochaine.
    0
  14. Kharec Messages postés 4146 Date d'inscription   Statut Contributeur Dernière intervention   511
     
    CCM est une association de bénévole ^^

    PS: Bon boulot neor ;-))
    0
Précédent
  • 1
  • 2