Antirvirus 2009...
Résolu
erjoalple
Messages postés
51
Statut
Membre
-
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,
Je vais vous expliquer mon cas. En fait je reçois une pub intempestive de antivirus 2009 qui me dis que mon pc est infecté...je suis pas le seul , donc je vais pas m'eterniser a tout l'explication , mais je voudrais savoir comment l'arreter comme , si j'ai bien compris , mon PC est infecté par quelque chose...
Je vous poste mon scan Hijackthis...
Pour info , ceux qui vont et si y a bien quelqu'un qui veut tenter de m'aider , vous allez peut etre me demander de prendre Navilog1 et l'installer , mais je l'es fais a plusieurs reprises , et apres installation , et ouverture de navilog , je mets dans le menu langue française , et ensuite il me demande de patienter , mais je patiente infiniment , rien ne finit par s'afficher...voila merci de m'aider
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:06, on 03/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\vspc1000.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\VPro1000.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stephane\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {e0862d30-ff01-462a-9e99-289e6f707d27} - C:\WINDOWS\system32\zekibawi.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [spc1000] C:\WINDOWS\vspc1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [jijakadipe] Rundll32.exe "C:\WINDOWS\system32\nunoruzo.dll",s
O4 - HKLM\..\Run: [64a34738] rundll32.exe "C:\WINDOWS\system32\reforola.dll",b
O4 - HKLM\..\Run: [CPM679074a4] Rundll32.exe "c:\windows\system32\pufuyada.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [kskqu] "c:\documents and settings\stephane\local settings\application data\kskqu.exe" kskqu
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [jijakadipe] Rundll32.exe "C:\WINDOWS\system32\nunoruzo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: VPro1000.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com/products/livedemo/plugin/h263ctrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: CLKERN.DLL C:\WINDOWS\system32\viyezoya.dll avgrsstx.dll c:\windows\system32\pufuyada.dll
O21 - SSODL: wmphost - {60FF1F59-D10D-4F47-B407-3DCB74CDC189} - (no file)
O21 - SSODL: wmpdev - {1147C455-ED77-47A1-859E-C89ADBB7AB31} - (no file)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pufuyada.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pufuyada.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7865 bytes
Je vais vous expliquer mon cas. En fait je reçois une pub intempestive de antivirus 2009 qui me dis que mon pc est infecté...je suis pas le seul , donc je vais pas m'eterniser a tout l'explication , mais je voudrais savoir comment l'arreter comme , si j'ai bien compris , mon PC est infecté par quelque chose...
Je vous poste mon scan Hijackthis...
Pour info , ceux qui vont et si y a bien quelqu'un qui veut tenter de m'aider , vous allez peut etre me demander de prendre Navilog1 et l'installer , mais je l'es fais a plusieurs reprises , et apres installation , et ouverture de navilog , je mets dans le menu langue française , et ensuite il me demande de patienter , mais je patiente infiniment , rien ne finit par s'afficher...voila merci de m'aider
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:06, on 03/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\vspc1000.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\VPro1000.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stephane\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {e0862d30-ff01-462a-9e99-289e6f707d27} - C:\WINDOWS\system32\zekibawi.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [spc1000] C:\WINDOWS\vspc1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [jijakadipe] Rundll32.exe "C:\WINDOWS\system32\nunoruzo.dll",s
O4 - HKLM\..\Run: [64a34738] rundll32.exe "C:\WINDOWS\system32\reforola.dll",b
O4 - HKLM\..\Run: [CPM679074a4] Rundll32.exe "c:\windows\system32\pufuyada.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [kskqu] "c:\documents and settings\stephane\local settings\application data\kskqu.exe" kskqu
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [jijakadipe] Rundll32.exe "C:\WINDOWS\system32\nunoruzo.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: VPro1000.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com/products/livedemo/plugin/h263ctrl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: CLKERN.DLL C:\WINDOWS\system32\viyezoya.dll avgrsstx.dll c:\windows\system32\pufuyada.dll
O21 - SSODL: wmphost - {60FF1F59-D10D-4F47-B407-3DCB74CDC189} - (no file)
O21 - SSODL: wmpdev - {1147C455-ED77-47A1-859E-C89ADBB7AB31} - (no file)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pufuyada.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pufuyada.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7865 bytes
Configuration: Windows XP Firefox 2.0.0.18
A voir également:
- Antirvirus 2009...
- Clé d'activation windows 7 professionnel gratuit 2009 - Guide
- Msn 2009 - Télécharger - Messagerie
- Telecharger splitcam ancienne version 2009 - Télécharger - Messagerie
- Télécharger virtual dj 2009 gratuit - Télécharger - DJ & Karaoké
- Test 2009 - Télécharger - Contrôle parental
69 réponses
- 1
- 2
- 3
- 4
Suivant
Résumé de la discussion
Une publicité antivirus intempestive signale une infection et pousse l'utilisateur à chercher comment l'arrêter, le tout documenté par un scan HijackThis détaillé et décrivant clairement les symptômes observés.
Plusieurs conseils privilégient Malwarebytes pour un examen complet, mise à jour automatique et suppression des éléments détectés, puis redémarrage si nécessaire et sauvegarde du rapport.
En parallèle, la recommandation inclut de désactiver temporairement Internet Explorer pendant la suppression et d'analyser les éléments de démarrage et les modules complémentaires listés par HijackThis.
D'autres éléments du fil soulignent l'importance d'identifier les fichiers DLL suspects et les entrées de démarrage inhabituelles afin d'éviter les infections récurrentes et d'améliorer le nettoyage.
Bonsoir,
Télécharge Navilog1 sur ton bureau :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
!! Déconnecte toi,désactive tes défenses( anti-virus,anti-spyware ) et ferme bien toutes tes applications le temps de la manipe !!
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valide .
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le bloc-note va s'ouvrir.
Copie-colle l'intégralité de son contenu dans ta prochaine réponse et attends la suite .
(Le rapport est en outre sauvegardé à la racine du disque "C\:fixnavi.txt" )
TUTO (aide) : http://www.malekal.com/Adware.Magic_Control.php#mozTocId595901
Télécharge Navilog1 sur ton bureau :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
!! Déconnecte toi,désactive tes défenses( anti-virus,anti-spyware ) et ferme bien toutes tes applications le temps de la manipe !!
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valide .
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le bloc-note va s'ouvrir.
Copie-colle l'intégralité de son contenu dans ta prochaine réponse et attends la suite .
(Le rapport est en outre sauvegardé à la racine du disque "C\:fixnavi.txt" )
TUTO (aide) : http://www.malekal.com/Adware.Magic_Control.php#mozTocId595901
Bon voila , comme je l'expliquais , apres avoir desactiver tout anti-spyware et anti-virus , fermer toutes les applications , installer navilog , et l'avoir executer , je choisis la langue , et ensuite , on me demande de patienter...je patiente et rien ne vient...et j'ai deja attendu 15 minutes...j'aurais oublier quelque chose?
Re,
Arrête navilog et fait cela:
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
Arrête navilog et fait cela:
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bon comme demandé , j'ai fais la demarche...apres avoir taper Y pour lancer la suppression des services et des entrees du registre , il ecris dans le fond bleu (Starting Repairs Checking Running Processes and services...et ne reagis plus)
Que faire? pendant une heure vingt , je pense que c'est un peu long , en le fermant , il me met qu'il ne reagissais plus et je devais le "terminer maintenant" donc il avait buguer quoi...en gros ni navilog , et ni SDFix ne fonctionnent... :s
Je ne sais que faire
Que faire? pendant une heure vingt , je pense que c'est un peu long , en le fermant , il me met qu'il ne reagissais plus et je devais le "terminer maintenant" donc il avait buguer quoi...en gros ni navilog , et ni SDFix ne fonctionnent... :s
Je ne sais que faire
Re,
Telecharge malwarebytes + tutoriel :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
▶ Tu l´instale; le programme va se mettre automatiquement a jour.
▶ Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
▶ Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
▶ Puis click sur "rechercher".
▶ Laisse le scanner le pc...
▶ Si des elements on ete trouvés > click sur supprimer la selection.
▶ Si il t´es demandé de redemarrer > click sur "yes".
▶ A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
▶ Copie et colle le rapport stp
Telecharge malwarebytes + tutoriel :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
▶ Tu l´instale; le programme va se mettre automatiquement a jour.
▶ Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
▶ Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
▶ Puis click sur "rechercher".
▶ Laisse le scanner le pc...
▶ Si des elements on ete trouvés > click sur supprimer la selection.
▶ Si il t´es demandé de redemarrer > click sur "yes".
▶ A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
▶ Copie et colle le rapport stp
Salut
Fais ce qui suit avant de continuer
Ton PC doit etre embrouille
• Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.(sur un des 2 liens)
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
• Clique sur Recherche et laisse le scan se terminer.
• Clique, sur Suppression pour finaliser.
• Tu peux, si tu le souhaites, te servir des Options facultatives.
• Clique sur Quitter, pour que le rapport puisse se créer.
• Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).
Fais ce qui suit avant de continuer
Ton PC doit etre embrouille
• Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.(sur un des 2 liens)
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
• Clique sur Recherche et laisse le scan se terminer.
• Clique, sur Suppression pour finaliser.
• Tu peux, si tu le souhaites, te servir des Options facultatives.
• Clique sur Quitter, pour que le rapport puisse se créer.
• Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).
Voila le rapport
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1454
Windows 5.1.2600 Service Pack 2
03/12/2008 22:07:16
mbam-log-2008-12-03 (22-07-16).txt
Type de recherche: Examen complet (C:\|J:\|)
Eléments examinés: 109926
Temps écoulé: 46 minute(s), 0 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 61
Processus mémoire infecté(s):
C:\documents and settings\Stephane\local settings\application data\kskqu.exe (Adware.Navipromo.H) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\reforola.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\pufuyada.dll (Trojan.BHO) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0862d30-ff01-462a-9e99-289e6f707d27} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0862d30-ff01-462a-9e99-289e6f707d27} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f4cf814f-970f-405d-a42c-0ce06eb97373} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\64a34738 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kskqu (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm679074a4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jijakadipe (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\pufuyada.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\pufuyada.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\buhuzopo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opozuhub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mojujebu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubejujom.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reforola.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\alorofer.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\kskqu_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\kskqu_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\kskqu.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\kskqu.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zekibawi.dll (Trojan.BHO.H) -> Delete on reboot.
c:\WINDOWS\system32\pufuyada.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP468\A0067127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP468\A0067194.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP469\A0070202.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP469\A0070203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP469\A0070204.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070276.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070331.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070332.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070357.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070626.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070624.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070627.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070628.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070631.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070632.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070633.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070634.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070635.cpl (Rogue.XPantivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070636.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070637.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070638.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070639.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070641.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070642.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070645.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070647.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juborafe.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gazanudu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tevupiru.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hugimizu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS4adf.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nunoruzo.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.
C:\Documents and Settings\Stephane\Local Settings\Temp\TDSS3776.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Temp\TDSS3786.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Temp\TDSS39c8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS46e7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1454
Windows 5.1.2600 Service Pack 2
03/12/2008 22:07:16
mbam-log-2008-12-03 (22-07-16).txt
Type de recherche: Examen complet (C:\|J:\|)
Eléments examinés: 109926
Temps écoulé: 46 minute(s), 0 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 61
Processus mémoire infecté(s):
C:\documents and settings\Stephane\local settings\application data\kskqu.exe (Adware.Navipromo.H) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\reforola.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\pufuyada.dll (Trojan.BHO) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0862d30-ff01-462a-9e99-289e6f707d27} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0862d30-ff01-462a-9e99-289e6f707d27} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvps.msvpsapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.PestPatrol) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b69a9db4-d0a1-4722-b56b-f20757a29cdf} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f4cf814f-970f-405d-a42c-0ce06eb97373} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\64a34738 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kskqu (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm679074a4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jijakadipe (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\pufuyada.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\pufuyada.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\buhuzopo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opozuhub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mojujebu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubejujom.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\reforola.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\alorofer.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\kskqu_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\kskqu_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\kskqu.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Application Data\kskqu.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zekibawi.dll (Trojan.BHO.H) -> Delete on reboot.
c:\WINDOWS\system32\pufuyada.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP468\A0067127.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP468\A0067194.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP469\A0070202.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP469\A0070203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP469\A0070204.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070276.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070331.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070332.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070357.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070626.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070624.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070627.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070628.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070631.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070632.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070633.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070634.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070635.cpl (Rogue.XPantivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070636.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070637.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070638.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070639.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070641.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070642.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070645.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F04F297-9E04-4A10-B725-7FE9261BDB1D}\RP470\A0070647.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juborafe.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gazanudu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tevupiru.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hugimizu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS4adf.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nunoruzo.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.
C:\Documents and Settings\Stephane\Local Settings\Temp\TDSS3776.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Temp\TDSS3786.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephane\Local Settings\Temp\TDSS39c8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS46e7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.
Il est 00h40...je vais me coucher , j'espere avoir une reponse demain...si c'st pas le cas , je posterai a nouveau une reponse pour voir si quelqu'un repond a mon rapport , voila
Bonne nuit
Bonne nuit
Voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:45, on 04/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\vspc1000.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\WINDOWS\VPro1000.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Stephane\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {e0862d30-ff01-462a-9e99-289e6f707d27} - C:\WINDOWS\system32\bekehutu.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [spc1000] C:\WINDOWS\vspc1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [jijakadipe] Rundll32.exe "C:\WINDOWS\system32\pofokago.dll",s
O4 - HKLM\..\Run: [64a34738] rundll32.exe "C:\WINDOWS\system32\denekilo.dll",b
O4 - HKLM\..\Run: [CPM679074a4] Rundll32.exe "C:\WINDOWS\system32\vabazaja.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: VPro1000.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com/products/livedemo/plugin/h263ctrl.cab
O20 - AppInit_DLLs: CLKERN.DLL C:\WINDOWS\system32\yedonuse.dll c:\windows\system32\vabazaja.dll
O21 - SSODL: wmphost - {60FF1F59-D10D-4F47-B407-3DCB74CDC189} - (no file)
O21 - SSODL: wmpdev - {1147C455-ED77-47A1-859E-C89ADBB7AB31} - (no file)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vabazaja.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vabazaja.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:45, on 04/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\vspc1000.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RayV\RayV\RayV.exe
C:\WINDOWS\VPro1000.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Stephane\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {e0862d30-ff01-462a-9e99-289e6f707d27} - C:\WINDOWS\system32\bekehutu.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [spc1000] C:\WINDOWS\vspc1000.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [jijakadipe] Rundll32.exe "C:\WINDOWS\system32\pofokago.dll",s
O4 - HKLM\..\Run: [64a34738] rundll32.exe "C:\WINDOWS\system32\denekilo.dll",b
O4 - HKLM\..\Run: [CPM679074a4] Rundll32.exe "C:\WINDOWS\system32\vabazaja.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: VPro1000.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.dlink.com/products/livedemo/plugin/h263ctrl.cab
O20 - AppInit_DLLs: CLKERN.DLL C:\WINDOWS\system32\yedonuse.dll c:\windows\system32\vabazaja.dll
O21 - SSODL: wmphost - {60FF1F59-D10D-4F47-B407-3DCB74CDC189} - (no file)
O21 - SSODL: wmpdev - {1147C455-ED77-47A1-859E-C89ADBB7AB31} - (no file)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vabazaja.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\vabazaja.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Je sais pas si mon PC va mieux , peut etre...mais ceci dis , il est vrai que je ne recois pas la pub maintenant de antivirus 2009...en revanche , mon internet ne fonctionne pas tres bien , la plupart des sites dont je n'avais pas accès je ne sais pour quelle raison , je n'y arrive toujours pas a y acceder...j'ai du mal a naviguer comme il faut...
Re,
non, il ne va encore pas bien.
On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
* Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.
Envoie le contenu de C:\ComboFix.txt dans ta prochaine réponse afin que je l'examine.
non, il ne va encore pas bien.
On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
* Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.
Envoie le contenu de C:\ComboFix.txt dans ta prochaine réponse afin que je l'examine.
voila , j'ai fais comme demandé , et au moment du deplacement de l'icone du SP2 sur Combofix , il y a le petit chargement comme il est montrer sur le tuto , mais apres il ne se passe rien...
Pourtant aucun antivirus , anti-spyware , ni pare-feu mis en marche sur le PC...
Pourtant aucun antivirus , anti-spyware , ni pare-feu mis en marche sur le PC...
- 1
- 2
- 3
- 4
Suivant
