HELP PLEASE- Virus Comman Service

rad12 -  
 rad12 -
Bonjour,

Je suis complètement desesperée...
Merci à ceux qui vont me lire et me répondre.

J'ai le virus command service, spybot le detecte ms n'arrive pas à le supprimer.
Et j'ai en plus, des fenêtres intempestives, des fausses alertes de sécurité windows pour que je télécharge l'antivirus 2009. J'avais déjà choppé celui là donc je fais bien attention...
Ma connexion est vraiment ralentie et j'ai peur qu ça cause plus de dommages.

Je ne sais vraiment plus quoi faire.
Si qqn pouvait m'aider et m'indiquer la marche à suivre, ce serait vraiment trés sympa.

MERCI D'AVANCE.
Configuration: Windows XP
Internet Explorer 7.0

4 réponses

  1. neor Messages postés 1119 Statut Membre 30
     
    bonsoir

    télécharge HijackThis (outils de dignostic) ici :

    -> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

    -> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    -> Clique sur Install ensuite sur I Accept

    -> Clique sur Do a scan system and save log file

    -> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
    0
    1. rad12
       
      Bonjour NEOR,

      Merci beaucoup d'avoir pris le temps de me répondre.
      J'ai suivi la marche à suivre et voici le rapport.


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:16:50, on 05/12/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\mqsvc.exe
      C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      C:\WINDOWS\system32\mqtgsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRA~1\AVG\AVG8\avgupd.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
      C:\Program Files\Agenda Etam\calendrier.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Program Files\AVG\AVG8\avgchk.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O3 - Toolbar: Mirar - {58A1B29E-CB14-4AAE-9181-699A64DED27A} - C:\WINDOWS\system32\winqc77.dll (file missing)
      O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
      O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
      O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
      O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S48.tmp" /EF "HKLM"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Mon agenda personnel Etam.lnk = C:\Program Files\Agenda Etam\calendrier.exe
      O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: Crawler Search - tbr:iemenu
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/24.9/uploader2.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
      O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
      O20 - AppInit_DLLs: ,avgrsstx.dll yahkil.dll lhjcsi.dll
      O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      0
  2. neor Messages postés 1119 Statut Membre 30
     
    --------------------rechercher--------------------------

    Important! Désactive ton antivirus / antispyware résident / TeaTimer de Spybot (si présent et actif)

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    ( Merci à Eric_71, Angeldark, Sham_Rock et XmichouX )
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
    1. rad12
       
      Re bonjour Neor,

      Merci de ta réponse rapide.
      Voici le rapport.

      -----------\\ ToolBar S&D 1.2.6 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz )
      BIOS : Ver 1.00PARTTBLv
      USER : Radia ( Administrator )
      BOOT : Normal boot
      Antivirus : AVG Anti-Virus Free 8.0 (Activated)
      Firewall : Norton Internet Worm Protection 2006 (Not Activated)
      C:\ (Local Disk) - NTFS - Total:102 Go (Free:30 Go)
      D:\ (Local Disk) - FAT32 - Total:8 Go (Free:1 Go)
      E:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
      Option : [1] ( 05/12/2008|19:28 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\Program Files\Crawler
      C:\Program Files\Crawler\Download
      C:\Program Files\Crawler\Toolbar
      C:\Program Files\Crawler\Toolbar\adrkeys.dat
      C:\Program Files\Crawler\Toolbar\Cache
      C:\Program Files\Crawler\Toolbar\COMMON_FF.dat
      C:\Program Files\Crawler\Toolbar\confirm.dat
      C:\Program Files\Crawler\Toolbar\ctbcomm.dll
      C:\Program Files\Crawler\Toolbar\ctbr.dll
      C:\Program Files\Crawler\Toolbar\CTConf.dat
      C:\Program Files\Crawler\Toolbar\CTipsDef.dll
      C:\Program Files\Crawler\Toolbar\CToolbar.exe
      C:\Program Files\Crawler\Toolbar\CUpdate.exe
      C:\Program Files\Crawler\Toolbar\firefox
      C:\Program Files\Crawler\Toolbar\Languages
      C:\Program Files\Crawler\Toolbar\lookfor.dat
      C:\Program Files\Crawler\Toolbar\majorse.dat
      C:\Program Files\Crawler\Toolbar\rootmenu.dat
      C:\Program Files\Crawler\Toolbar\services.dat
      C:\Program Files\Crawler\Toolbar\STWSGLanguageAct
      C:\Program Files\Crawler\Toolbar\STWSG_FF.dat
      C:\Program Files\Crawler\Toolbar\TBR5LanguageAct
      C:\Program Files\Crawler\Toolbar\Update
      C:\Program Files\Crawler\Toolbar\WebSecurityGuard.dll
      C:\Program Files\Crawler\Toolbar\WSGData
      C:\Program Files\Crawler\Toolbar\Cache\COMMON
      C:\Program Files\Crawler\Toolbar\Cache\STWSG
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_BMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_MENU.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\DIRLIST_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\DIRLIST_MENU.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\ECARDS_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\ECARDS_MENU.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\EMAIL_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\GAMES_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\GAMES_MENU.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\SHOP_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\SPELL_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\TRAVEL_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\WAYBACK_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\COMMON\WP_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\STWSG\STBUTTON_BMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\STWSG\STBUTTON_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\STWSG\STBUTTON_MENU.dat
      C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_BMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_CHBMP.dat
      C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_MENU.dat
      C:\Program Files\Crawler\Toolbar\firefox\chrome
      C:\Program Files\Crawler\Toolbar\firefox\chrome.manifest
      C:\Program Files\Crawler\Toolbar\firefox\components
      C:\Program Files\Crawler\Toolbar\firefox\install.ini
      C:\Program Files\Crawler\Toolbar\firefox\install.rdf
      C:\Program Files\Crawler\Toolbar\firefox\stwsg_ff.ini
      C:\Program Files\Crawler\Toolbar\firefox\chrome\common.jar
      C:\Program Files\Crawler\Toolbar\firefox\chrome\stwsg.jar
      C:\Program Files\Crawler\Toolbar\firefox\components\xcomm.dll
      C:\Program Files\Crawler\Toolbar\firefox\components\xplugin.xpt
      C:\Program Files\Crawler\Toolbar\firefox\components\xshared.dll
      C:\Program Files\Crawler\Toolbar\firefox\components\xshared.xpt
      C:\Program Files\Crawler\Toolbar\firefox\components\xsupport.dll
      C:\Program Files\Crawler\Toolbar\firefox\components\xsupport.xpt
      C:\Program Files\Crawler\Toolbar\firefox\components\xwsg.dll
      C:\Program Files\Crawler\Toolbar\Languages\STWSG_CS.cab
      C:\Program Files\Crawler\Toolbar\Languages\STWSG_DE.cab
      C:\Program Files\Crawler\Toolbar\Languages\STWSG_EN.cab
      C:\Program Files\Crawler\Toolbar\Languages\STWSG_ES.cab
      C:\Program Files\Crawler\Toolbar\Languages\STWSG_FF.cab
      C:\Program Files\Crawler\Toolbar\Languages\STWSG_FR.cab
      C:\Program Files\Crawler\Toolbar\Languages\STWSG_IT.cab
      C:\Program Files\Crawler\Toolbar\Languages\STWSG_NL.cab
      C:\Program Files\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
      C:\Program Files\Crawler\Toolbar\Languages\STWSG_PT.cab
      C:\Program Files\Crawler\Toolbar\Languages\TBR5_CS.cab
      C:\Program Files\Crawler\Toolbar\Languages\TBR5_DE.cab
      C:\Program Files\Crawler\Toolbar\Languages\TBR5_EN.cab
      C:\Program Files\Crawler\Toolbar\Languages\TBR5_ES.cab
      C:\Program Files\Crawler\Toolbar\Languages\TBR5_FR.cab
      C:\Program Files\Crawler\Toolbar\Languages\TBR5_IT.cab
      C:\Program Files\Crawler\Toolbar\Languages\TBR5_NL.cab
      C:\Program Files\Crawler\Toolbar\Languages\TBR5_PL.cab
      C:\Program Files\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
      C:\Program Files\Crawler\Toolbar\Languages\TBR5_PT.cab
      C:\Program Files\Crawler\Toolbar\Languages\TBR5_RU.cab
      C:\Program Files\Crawler\Toolbar\STWSGLanguageAct\info.ini
      C:\Program Files\Crawler\Toolbar\STWSGLanguageAct\language.ini
      C:\Program Files\Crawler\Toolbar\TBR5LanguageAct\info.ini
      C:\Program Files\Crawler\Toolbar\TBR5LanguageAct\language.ini
      C:\Program Files\Crawler\Toolbar\Update\domains.cab
      C:\Program Files\Crawler\Toolbar\WSGData\domains
      C:\Program Files\Crawler\Toolbar\WSGData\g_S-1-5-21-1879776219-3652520567-3643720991-1005.dat
      C:\Program Files\Crawler\Toolbar\WSGData\p_S-1-5-21-1879776219-3652520567-3643720991-1005.dat
      C:\Program Files\Crawler\Toolbar\WSGData\ud_S-1-5-21-1879776219-3652520567-3643720991-1005.dat
      C:\Program Files\Crawler\Toolbar\WSGData\wfilter.dat
      C:\Program Files\Crawler\Toolbar\WSGData\w_S-1-5-21-1879776219-3652520567-3643720991-1005.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_000.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_001.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_002.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_003.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_004.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_005.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_006.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_007.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_008.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_009.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_010.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_011.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_012.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_013.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_014.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_015.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_016.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_017.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_018.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_019.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_020.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_021.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_022.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_023.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_024.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_025.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_026.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_027.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_028.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_029.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
      C:\Program Files\Crawler\Toolbar\WSGData\domains\index.dat
      C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler

      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="https://www.google.fr/?gws_rd=ssl"
      "Search Page"="https://www.google.com/?gws_rd=ssl"
      "Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341"
      "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
      "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
      "SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60341"
      "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341"


      --------------------\\ Recherche d'autres infections

      C:\WINDOWS\system32\fMpVCJlm.ini
      C:\WINDOWS\system32\fMpVCJlm.ini2
      C:\WINDOWS\system32\mlJCVpMf.dll
      [b]==> VUNDO <==/b

      --------------------\\ ROOTKIT !!

      Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
      Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
      Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
      Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
      Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys]
      Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]

      --------------------\\ Suspect ..

      C:\WINDOWS\system32\TDSSfmafnmoo.dll
      C:\WINDOWS\system32\TDSSxgicrqow.dat
      C:\WINDOWS\system32\TDSSxjltyctr.log




      1 - "C:\ToolBar SD\TB_1.txt" - 05/12/2008|19:30 - Option : [1]

      -----------\\ Fin du rapport a 19:30:36,01
      0
  3. neor Messages postés 1119 Statut Membre 30
     
    --------------nettoyage----------------------------

    Relance Toolbar-S&D

    Important! Désactive ton antivirus / antispyware résident / TeaTimer de Spybot (si présent et actif)

    en double-cliquant sur le raccourci.
    Tape sur "2" puis valide en appuyant sur "Entrée".
    ! Ne ferme pas la fenêtre lors de la suppression !
    Un rapport sera généré, poste son contenu ici.

    NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
    Tape explorer puis valide.
    0
  4. rad12
     
    Bonsoir Neor,

    Voici le rapport généré.
    Bon je ne suis pas fortiche, comme vous avez pu le constater!
    Mais je crois lire que AVG est tjrs actif.. Je pensais pourtant l'avoir desactivé.
    Ms je ne le maitrise pas tout à fait (pour ne pas dire pas du tout!) cet anti-virus.
    Je ne l'ai téléchargé que trés recemment aprés tous ces pb de virus.
    Enfin, je vous laisse déchiffer tout ça. MERCI bcp pr l'aide.

    -----------\\ ToolBar S&D 1.2.6 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz )
    BIOS : Ver 1.00PARTTBLv
    USER : Radia ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.0 (Activated)
    Firewall : Norton Internet Worm Protection 2006 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:102 Go (Free:30 Go)
    D:\ (Local Disk) - FAT32 - Total:8 Go (Free:1 Go)
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
    Option : [2] ( 06/12/2008|19:35 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.google.fr/?gws_rd=ssl"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341"
    "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
    "SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60341"
    "CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341"

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\system32\fMpVCJlm.ini
    C:\WINDOWS\system32\fMpVCJlm.ini2
    [b]==> VUNDO <==/b

    --------------------\\ ROOTKIT !!

    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\TDSSserv.sys]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]

    --------------------\\ Suspect ..

    C:\WINDOWS\system32\TDSSfmafnmoo.dll
    C:\WINDOWS\system32\TDSSxgicrqow.dat
    C:\WINDOWS\system32\TDSSxjltyctr.log

    1 - "C:\ToolBar SD\TB_1.txt" - 05/12/2008|19:30 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 06/12/2008|19:37 - Option : [2]

    -----------\\ Fin du rapport a 19:37:19,04
    0