The discussion "'did you see your pic on this site' 2" is in the forum "Viruses, trojans, etc..."

"did you see your pic on this site" 2

May 11 at 20:37 #

Hello everyone,

I've been hit by the virus; my computer crashes a lot and it is very slow. I can hardly do anything. I did try running msnfix but it doesn't help, it crashes. I also tried msncleaner but it crashes too. Right now I'm trying hijackthis to send you a report, but I can't promise anything. I'm lost; this virus has ruined my weekend and it's not over ^^
Please help me. Thank you in advance.

May 11 at 20:40 #

What is your antivirus?
Try doing your disinfections in safe mode (tap F8 at startup).

Cheers

May 11 at 21:49 #

Hi GS, thanks for replying, and so quickly too ^^ Thanks to you something clicked lol, so I rebooted in safe mode and was able to run msnfix and msncleaner, as well as hijackthis, but after two msnfix attempts it still finds an infection :s
So here are the reports:

- first msnfix:
MSNFix 1.716

C:\Program Files\MSNFix
Fix exécuté le 11/05/2008 - 21:08:02,25 By Administrateur
mode sans échec

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\% % %^ % % ^% ^%^ ^% ^^%% ^^% %%% ^^^^^^%.exe
... C:\WINDOWS\b???.exe

************************ Recherche les dossiers présents

... C:\Program Files\InetGet2\




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\% % %^ % % ^% ^%^ ^% ^^%% ^^% %%% ^^^^^^%.exe
.. OK ... C:\WINDOWS\system32\% % %^ % % ^% ^%^ ^% ^^%% ^^% %%% ^^^^^^%.exe
.. OK ... C:\WINDOWS\system32\% % %^ % % ^% ^%^ ^% ^^%% ^^% %%% ^^^^^^%.exe
.. OK ... C:\WINDOWS\b???.exe


************************ Suppression des dossiers

/!\ ... C:\Program Files\InetGet2\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\User\LOCALS~1\Temp\un.bat
.. OK ... C:\Documents and Settings\User\??????.exe
.. OK ... C:\Documents and Settings\User\????????.exe



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 11052008_21185470.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

Here is the msnfix in normal Windows mode:

MSNFix 1.716

C:\Program Files\MSNFix
Fix exécuté le 11/05/2008 - 21:26:16,70 By User
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

... C:\Program Files\InetGet2\




************************ Suppression des fichiers



************************ Suppression des dossiers

/!\ ... C:\Program Files\InetGet2\


************************ Nettoyage du registre



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 11052008_21270950.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

And here is the HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:02, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Razer\Habu\razerhid.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Razer\Habu\razerofa.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\Spcron\Spcron.dll
O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8942 bytes

There, now I'm testing a scan with antivir; it finds 6 infections of the kind "TR/Crypt.XPACK.Gen" or "TR/Crypt.ULPM.Gen"

Can someone help me? What must I do to permanently eliminate this virus from my computer?

Thank you in advance.

P.S.: the infections found by antivir were put in quarantine, except one that was deleted (normally)

May 11 at 22:30 #

You ABSOLUTELY must remove WinAntiVirus Pro 2006; it is a fake antivirus.
Uninstall it.

May 12 at 01:37 #

There, it's done ;) Thanks for the advice. I also ran the antivir scan; I can post its report if needed, because my computer no longer seems to have any problems, but I think it is well and truly infected by all sorts of trojan-type viruses. I also ran combofix (I don't know if it really worked because I wasn't in safe mode and I didn't get a report).



If someone kind could take care of my case, that's all I ask, because I wouldn't like it to crash again, and when it comes to viruses I'm a newbie :s lol



P.S.: thanks to you already, GS

P.S. 2: msnfix no longer detects any infection, that's something at least :)

Added on 12-05-2008 at 01:50:

So here is the antivir report:







Avira AntiVir Personal

Report file date: dimanche 11 mai 2008 21:33



Scanning for 1260844 virus strains and unwanted programs.



Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: FAMILLE



Version information:

BUILD.DAT : 8.1.00.296 16479 Bytes 29/04/2008 10:47:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 11/05/2008 19:31:26

AVSCAN.DLL : 8.1.1.0 53505 Bytes 11/05/2008 19:31:26

LUKE.DLL : 8.1.2.9 151809 Bytes 11/05/2008 19:31:27

LUKERES.DLL : 8.1.2.1 12033 Bytes 11/05/2008 19:31:27

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:31:27

ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 19:31:27

ANTIVIR3.VDF : 7.0.4.25 125952 Bytes 11/05/2008 19:31:27

Engineversion : 8.1.0.42

AEVDF.DLL : 8.1.0.5 102772 Bytes 11/05/2008 19:31:27

AESCRIPT.DLL : 8.1.0.31 262522 Bytes 11/05/2008 19:31:27

AESCN.DLL : 8.1.0.16 119156 Bytes 11/05/2008 19:31:27

AERDL.DLL : 8.1.0.20 418165 Bytes 11/05/2008 19:31:27

AEPACK.DLL : 8.1.1.4 364918 Bytes 11/05/2008 19:31:27

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 11/05/2008 19:31:27

AEHEUR.DLL : 8.1.0.26 1237366 Bytes 11/05/2008 19:31:27

AEHELP.DLL : 8.1.0.14 115063 Bytes 11/05/2008 19:31:27

AEGEN.DLL : 8.1.0.20 299380 Bytes 11/05/2008 19:31:27

AEEMU.DLL : 8.1.0.6 430451 Bytes 11/05/2008 19:31:27

AECORE.DLL : 8.1.0.28 168310 Bytes 11/05/2008 19:31:27

AVWINLL.DLL : 1.0.0.7 14593 Bytes 11/05/2008 19:31:26

AVPREF.DLL : 8.0.0.1 25857 Bytes 11/05/2008 19:31:26

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVREG.DLL : 8.0.0.0 30977 Bytes 11/05/2008 19:31:26

AVARKT.DLL : 1.0.0.23 307457 Bytes 11/05/2008 19:31:26

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 11/05/2008 19:31:26

SQLITE3.DLL : 3.3.17.1 339968 Bytes 11/05/2008 19:31:27

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 11/05/2008 19:31:27

NETNT.DLL : 8.0.0.1 7937 Bytes 11/05/2008 19:31:27

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 11/05/2008 19:31:24

RCTEXT.DLL : 8.0.32.0 86273 Bytes 11/05/2008 19:31:24



Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium



Start of the scan: dimanche 11 mai 2008 21:33



The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'Watch.exe' - '1' Module(s) have been scanned

Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned

Scan process 'PollingModule.exe' - '1' Module(s) have been scanned

Scan process 'Inactivity.exe' - '1' Module(s) have been scanned

Scan process 'Toaster.exe' - '1' Module(s) have been scanned

Scan process 'ComComp.exe' - '1' Module(s) have been scanned

Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned

Scan process 'razerofa.exe' - '1' Module(s) have been scanned

Scan process 'TabUserW.exe' - '1' Module(s) have been scanned

Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned

Scan process 'hpohmr08.exe' - '1' Module(s) have been scanned

Scan process 'Svconr.exe' - '1' Module(s) have been scanned

Module is infected -> 'C:\Program Files\Svconr\Svconr.exe'

Scan process 'steam.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

Scan process 'razerhid.exe' - '1' Module(s) have been scanned

Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned

Scan process 'fwupdate.exe' - '1' Module(s) have been scanned

Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned

Scan process 'dragdiag.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'zHotkey.exe' - '1' Module(s) have been scanned

Scan process 'StartMessager.exe' - '1' Module(s) have been scanned

Scan process 'InCD.exe' - '1' Module(s) have been scanned

Scan process 'nvraidservice.exe' - '1' Module(s) have been scanned

Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'Tablet.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'FWSvc.exe' - '1' Module(s) have been scanned

Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'BTNtService.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

Process 'Svconr.exe' has been terminated

C:\Program Files\Svconr\Svconr.exe

[DETECTION] Is the Trojan horse TR/Proxy.Gen

[NOTE] The file was moved to '488a4aac.qua'!



58 processes with 57 modules were scanned



Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!



Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!



Starting to scan the registry.



The registry was scanned ( '42' files ).





Starting the file scan:



Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Administrateur\Bureau\catchme.zip

[0] Archive type: ZIP

--> % ^ % ^^^ ^^^% ^^%% ^^^^^^0e+000xe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '489b4a9c.qua'!

C:\Documents and Settings\User\Local Settings\Temp\NI.UWA6PV_0001_N69M2803\setup.exe

[DETECTION] Is the Trojan horse TR/Fakealert.EB.1

[NOTE] The file was moved to '489b4c6c.qua'!

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\LF0ZF9D9\93e4c2046fcb4ac4bdc3dbbcc28127fb[1].zip

[0] Archive type: ZIP

--> b155.exe

[DETECTION] Is the Trojan horse TR/BHO.blh.1

[NOTE] The file was moved to '488c4d61.qua'!

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\LF0ZF9D9\wv[1].exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48824db9.qua'!

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\N4ME6L4N\17PHolmes[1].cmt

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48774db8.qua'!

C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\S4ZT0EVA\bunnyrabbit402008.VIDEO12033.dvd[1].com

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48954e89.qua'!

C:\Documents and Settings\User\Mes documents\costi.axel\ftpexpert3.exe

[DETECTION] Contains detection pattern of the dropper DR/BHO.ajt

[NOTE] The file was moved to '4897505c.qua'!

C:\Program Files\MSNFix\11052008_21185470.zip

[0] Archive type: ZIP

--> backup/b155.exe

[DETECTION] Is the Trojan horse TR/BHO.blh.1

--> backup/mrofinu1423.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

--> backup/mrofinu1423.exe.tmp

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '4857586d.qua'!

C:\Program Files\WinAntiVirus Pro 2006\Activate.exe

[DETECTION] Is the Trojan horse TR/Dldr.FakeAV.A.6

[NOTE] The file was moved to '489b618a.qua'!

C:\Program Files\WinAntiVirus Pro 2006\Updater.exe

[DETECTION] Is the Trojan horse TR/Dldr.FakeAV.A.3

[NOTE] The file was moved to '488b61a0.qua'!

C:\Program Files\WinAntiVirus Pro 2006\VAExt.exe

[DETECTION] Is the Trojan horse TR/Dldr.FakeAV.A.4

[NOTE] The file was moved to '486c6174.qua'!

C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe

[DETECTION] Is the Trojan horse TR/Dldr.FakeAV.A.5

[NOTE] The file was moved to '4895619f.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0147246.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48586527.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0148247.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48586529.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0149247.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '4858652c.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0150246.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48586530.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0151247.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48586532.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0152247.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48586536.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0153247.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48586539.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0157248.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '4858653c.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0157254.exe

[DETECTION] Is the Trojan horse TR/Trash.Gen

[NOTE] The file was moved to '4858653e.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0157255.exe

[DETECTION] Is the Trojan horse TR/BHO.blh.1

[NOTE] The file was moved to '4858653f.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0157256.exe

[DETECTION] Is the Trojan horse TR/BHO.blh.1

[NOTE] The file was moved to '48586541.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0157312.exe

[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.16

[NOTE] The file was moved to '48586550.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0157322.exe

[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.16

[NOTE] The file was moved to '48586555.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0157334.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48586558.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0157335.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '4858655a.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0157336.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '4858655c.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0157343.exe

[DETECTION] Is the Trojan horse TR/BHO.blh.1

[NOTE] The file was moved to '4858655e.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP696\A0157354.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48586560.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP697\A0157368.exe

[DETECTION] Is the Trojan horse TR/Proxy.Gen

[NOTE] The file was moved to '48586564.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP697\A0157369.exe

[DETECTION] Is the Trojan horse TR/Dldr.FakeAV.A.6

[NOTE] The file was moved to '48586566.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP697\A0157370.exe

[DETECTION] Is the Trojan horse TR/Dldr.FakeAV.A.3

[NOTE] The file was moved to '48586568.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP697\A0157371.exe

[DETECTION] Is the Trojan horse TR/Dldr.FakeAV.A.4

[NOTE] The file was moved to '4858656b.qua'!

C:\System Volume Information\_restore{ADBE5D8A-9058-4EA4-AB3F-69C785337FCD}\RP697\A0157372.exe

[DETECTION] Is the Trojan horse TR/Dldr.FakeAV.A.5

[NOTE] The file was moved to '4858656e.qua'!

C:\WINDOWS\17PHolmes1423.exe

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48776656.qua'!

C:\WINDOWS\b155.MSNFix

[DETECTION] Is the Trojan horse TR/BHO.blh.1

[NOTE] The file was moved to '485c6654.qua'!

C:\WINDOWS\mrofinu1423.exe.MSNFix

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '48966715.qua'!

C:\WINDOWS\mrofinu1423.MSNFix

[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen

[NOTE] The file was moved to '4896671b.qua'!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd2733.sys

[WARNING] The file could not be opened!





End of the scan: dimanche 11 mai 2008 23:56

Used time: 2:22:29 min



The scan has been done completely.



8910 Scanning directories

272018 Files were scanned

43 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

40 files were moved to quarantine

0 files were renamed

3 Files cannot be scanned

271975 Files not concerned

2178 Archives were scanned

3 Warnings

40 Notes



Here is also the HijackThis report, made after the antivir scan and combofix:





Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:44, on 2008-05-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\nvraidservice.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\PROGRA~1\MESSAG~1\StartMessager.exe

C:\WINDOWS\zHotkey.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\lg_fwupdate\fwupdate.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Razer\Habu\razerhid.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Razer\Habu\razertra.exe

C:\Program Files\Razer\Habu\razerofa.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

G:\HiJackThis.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab

O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe



--

End of file - 9259 bytes



OK, I'm stopping here for tonight lol, but don't hesitate to tell me what you think (even if I already have a pretty good idea of what you're going to say ;) HELP ME ^^). Thanks, see you later.

14 May at 10:34 #

Hello,

There is not much left to clean.

Download to the desktop

Malwarebyte's Anti-Malware

= Double-click mbam-setup to start the installation
= Simply install without changing anything
= Once the program has started ==> tick Perform full scan
= Click Scan
= If needed, untick the drives that should not be scanned
= Click Start scan
= At the end of the scan, if an infection was found
==> Click Show results
= Close your running applications
= Check that everything is ticked and click Remove selected

A report opens; copy it and paste it into your reply.

14 May at 18:06 #

OK, thanks for the advice, I'll look into it. I'll post the report as soon as possible, since I don't have the affected computer with me right now, but I'll post it within a few days. Thanks, see you.
Unless otherwise stated, the content of the blog and the forum is licensed under Creative Commons By-Sa. You may reproduce it provided that you credit the author, link to the original page, and share your derivative works under the same conditions.
