Il y a actuellement 103 visiteurs
Samedi 28 Décembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

ordi xp et IE qui rame , pop up et messages étranges

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

ordi xp et IE qui rame , pop up et messages étranges

Message le 10 Juin 2009 21:33

Bonjour, ma soeur à souscrit à un FAI et était en attente d'ouverture de ligne.

Ce jour , elle me demande de venir pour lui istaller un antivirus car la box à son voyant vert: je lui ai mis ANTIVIR free.

Ensuite , j'ai voulu tester sa connexion , au début IE allait bien, puis il y a eu des fenêtes à gogo de pop ups non sollicités et des petites fenêtre en anglais annonçant des spyware etc.... proposant ok ou annuler : on a choisi de fermer ces fenêtres.

Mais les pop ups sont revenus de plus belles.

Et IE est quasiment plus utilisable : mini 15 min pour voir apparaitre neuf portail (page d'acceuil) et dès fois on arrive même pas à y aller.

J'ai donc fait un scan antivir free (après mise à jour) et il a détecté 312 objets genre spywares, trojans.

Puis il a proposé corriger ou annuler , on a fait "corriger" .

Entre deux, on a essayé d'aller sur windows update pour y mettre à jour son OS (xp familly) mais IE rame trop on arrive pas à y aller.

Il me semble que certains certificats IE sont louches , genre "secure.xxxx (je sais plus le nom ).com etc......

Quelles autres procédures suivre?

Faut il faire hijackthis ou autres et publier les logs?

Merci
rocc
Apprenti(e) Expert(e)
Apprenti(e) Expert(e)
 
Messages: 130
Inscription: 11 Mai 2008 16:51
 


Message le 10 Juin 2009 22:49

Bonjour.


1_ Tu suis ce tutorial et tu nous postes le rapport généré.


2_ Tu télécharges Malwarebytes' Anti-Malware, tu l'installes puis tu procèdes à sa mise à jour.

Tu lances l'application en double-cliquant sur l'icône Malwarebytes' Anti Malware.

Tu cliques ensuite sur Exécuter un examen complet puis tu lances l'analyse en cliquant sur Rechercher.

_ Si l'utilitaire ne trouve rien de néfaste, cliques sur Ok. Le Bloc-notes va s'ouvrir avec le rapport d'analyse, celui-ci n'est pas intéressant car la machine est propre.
Tu peux fermer le Bloc-notes.

_ Si l'utilitaire trouve des éléments suspects, tu cliques sur Afficher les résultats puis sur Supprimer la sélection.
Tu enregistres le rapport d'analyse que tu nous copies-colles dans ton prochain message.

Il est possible que le programme te demande de redémarrer pour effectuer des suppressions supplémentaires, tu acceptes le redémarrage volontaire en cliquant sur Ok.
Avatar de l'utilisateur
r@in | b0w
PC-Infopraticien
PC-Infopraticien
 
Messages: 7714
Inscription: 09 Déc 2007 12:37
Localisation: Parrot Sec
 

Message le 11 Juin 2009 15:40

slt, ma soeur a accepté de me filer son ordi pour scanner, analyser et publier facilement les logs , rapports via mon pc sain à accés internet .

dois je désactiver la restauration xp avant toute désinfection de Malwarebytes' Anti-Malware ou hijackthis ?

Sinon Malwarebytes' Anti-Malware est en cours de scan et il a détecte des saletés à gogo et ça continue !!!!
j'ai pas pu le mettre à jour ,un message apparait disant que le pc de ma soeur n'a pas d'accès réseau alors que j'y est connecté ma box en ethernet (même FIA) et quej'ai réussi à mettre à jour Antivir!!!! la mise à jour de la version téléchargée est de 26/05 /2009 donc c'est très récent quand même .

voici le rapport hijackthis (je l'ai renommé killspy avant son lancement)

faite pas gaffe à l'heure du pc mais la pile est morte.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:14:44, on 01/01/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesJavajre6injqs.exe
C:Program FilesMicrosoft LifeCamMSCamS32.exe
C:WINDOWSExplorer.EXE
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesVIAVIAudioiSBADeckADeck.exe
C:Program FilesJavajre6injusched.exe
C:WINDOWSvVX1000.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Documents and Settingsestelle.ESTELLE-AFD6537Bureaukillspy.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.neufportail.fr/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:Program FilesOrangeHSSSearchURLHookSearchPageURL.dll (file missing)
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSearchHelper.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesFichiers communsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {d586a753-f65f-4c62-a40b-24ed0b18c9a6} - C:WINDOWSsystem32hejapive.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6injp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:Program FilesWindows LiveToolbarwltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: ExcellentAdDisplay - {F31C8969-83E7-A513-2E11-CB6D1837C2CB} - C:Program FilesExcellentAdDisplayExcellentAdDisplay.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program FilesWindows LiveToolbarwltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O4 - HKLM..Run: [AudioDeck] C:Program FilesVIAVIAudioiSBADeckADeck.exe 1
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6injusched.exe"
O4 - HKLM..Run: [LifeCam] "C:Program FilesMicrosoft LifeCamLifeExp.exe"
O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
O4 - HKLM..Run: [zegenumulo] Rundll32.exe "C:WINDOWSsystem32dukovolo.dll",s
O4 - HKLM..Run: [f4d07091] rundll32.exe "C:WINDOWSsystem32yoguyutu.dll",b
O4 - HKLM..Run: [CPMf7e3430d] Rundll32.exe "c:windowssystem32fihasine.dll",a
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSys
O20 - Winlogon Notify: f4d0703e598 - C:WINDOWSSystem32dsprop32.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:windowssystem32fihasine.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:windowssystem32fihasine.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopsched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopavguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6injqs.exe

--
End of file - 8118 bytes
rocc
Apprenti(e) Expert(e)
Apprenti(e) Expert(e)
 
Messages: 130
Inscription: 11 Mai 2008 16:51
 

Message le 11 Juin 2009 15:52

A supprimer :

C:Documents and Settingsestelle.ESTELLE-AFD6537Bureaukillspy.exe
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSearchHelper.dll (file missing)
O2 - BHO: (no name) - {d586a753-f65f-4c62-a40b-24ed0b18c9a6} - C:WINDOWSsystem32hejapive.dll
O2 - BHO: ExcellentAdDisplay - {F31C8969-83E7-A513-2E11-CB6D1837C2CB} - C:Program FilesExcellentAdDisplayExcellentAdDisplay.dll (file missing)
O4 - HKLM..Run: [zegenumulo] Rundll32.exe "C:WINDOWSsystem32dukovolo.dll",s
O4 - HKLM..Run: [f4d07091] rundll32.exe "C:WINDOWSsystem32yoguyutu.dll",b
Inconnu
O4 - HKLM..Run: [CPMf7e3430d] Rundll32.exe "c:windowssystem32fihasine.dll",a


O20 - AppInit_DLLs: C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSystem32dsprop32.dll C:WINDOWSSys


O20 - Winlogon Notify: f4d0703e598 - C:WINDOWSSystem32dsprop
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:windowssystem32fihasine.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:windowssystem32fihasine.dll


_ Ensuite télécharger et installe la version 8 de IE : .::ICI::.
_ Puis le SP3 de windows XP : .::ICI:..
Avatar de l'utilisateur
DouDou9455
PC-Infopraticien
PC-Infopraticien
 
Messages: 9541
Inscription: 03 Nov 2007 17:50
Localisation: In Your Brain
 

Message le 11 Juin 2009 16:32

Bonjour.

DouDou9455 a écrit:A supprimer :

[b]C:Documents and Settingsestelle.ESTELLE-AFD6537Bureaukillspy.exe


Hihi, c'est HiJackThis :lol:

Pas bien réveillé?

Quand Mbam est fini, fais parvenir le rapport et relance-le de toute façon pour qu'il continue les suppressions.

Fais parvenir à chaque fois les rapports jusqu'à ce qu'il n'en reste plus.
Avatar de l'utilisateur
r@in | b0w
PC-Infopraticien
PC-Infopraticien
 
Messages: 7714
Inscription: 09 Déc 2007 12:37
Localisation: Parrot Sec
 

Message le 11 Juin 2009 16:38

Autant pour moi j'ai rouillé un peut après une période d'inactivité :)
Merci pour la rectification R|B ;)
Avatar de l'utilisateur
DouDou9455
PC-Infopraticien
PC-Infopraticien
 
Messages: 9541
Inscription: 03 Nov 2007 17:50
Localisation: In Your Brain
 

Message le 11 Juin 2009 19:16

J'ai fait le fix hijack en mode normal mais ça semble persister, toujours des messages spywares etc..... avec option ok ou annuler

par contre j'ai installer IE8 et le sp3, mais j'arrive pas à aller sur microsoft upadte car message d'erreur :


[Numéro d'erreur : 0x80072F78

En ce moment , je fais malwarebytes en mode sans échec full scan , il en trouve déjà 54 saletés en 16min





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:25, on 11/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesJavajre6injqs.exe
C:Program FilesMicrosoft LifeCamMSCamS32.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32alg.exe
C:Program FilesVIAVIAudioiSBADeckADeck.exe
C:Program FilesJavajre6injusched.exe
C:WINDOWSvVX1000.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:WINDOWSsystem32 undll32.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesWindows LiveToolbarwltuser.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32 undll32.exe
C:Documents and Settingsestelle.ESTELLE-AFD6537Bureaukillspy.exe
C:WINDOWSsystem32wbemwmiprvse.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.01net.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.01net.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer fourni par IE 8 FOURNI PAR 01NET.COM
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:Program FilesOrangeHSSSearchURLHookSearchPageURL.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesFichiers communsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {d586a753-f65f-4c62-a40b-24ed0b18c9a6} - C:WINDOWSsystem32hejapive.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6injp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:Program FilesWindows LiveToolbarwltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program FilesWindows LiveToolbarwltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O4 - HKLM..Run: [AudioDeck] C:Program FilesVIAVIAudioiSBADeckADeck.exe 1
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6injusched.exe"
O4 - HKLM..Run: [LifeCam] "C:Program FilesMicrosoft LifeCamLifeExp.exe"
O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
O4 - HKLM..Run: [CPMf7e3430d] Rundll32.exe "c:windowssystem32 oyoyavi.dll",a
O4 - HKLM..Run: [f4d07091] rundll32.exe "C:WINDOWSsystem32gukehere.dll",b
O4 - HKLM..Run: [zegenumulo] Rundll32.exe "C:WINDOWSsystem32dukovolo.dll",s
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:WINDOWSSystem32dsprop32.dll c:windowssystem32 oyoyavi.dll,C:WINDOWSSystem32dsprop32.dll,C:WINDOWSsystem32zoyageze.dll
O20 - Winlogon Notify: f4d0703e598 - C:WINDOWSSystem32dsprop32.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:windowssystem32 oyoyavi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:windowssystem32 oyoyavi.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopsched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopavguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6injqs.exe

--
End of file - 8156 bytes
rocc
Apprenti(e) Expert(e)
Apprenti(e) Expert(e)
 
Messages: 130
Inscription: 11 Mai 2008 16:51
 

Message le 11 Juin 2009 19:38

Fixer les lignes ne fait rien de concret, c'est au niveau de la base de registre.

Mbam fait le ménage, poste le rapport quand il a fini!
Avatar de l'utilisateur
r@in | b0w
PC-Infopraticien
PC-Infopraticien
 
Messages: 7714
Inscription: 09 Déc 2007 12:37
Localisation: Parrot Sec
 

Message le 11 Juin 2009 20:57

Malwarebytes fait en sans echec puis traitement:

voici le log

Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2182
Windows 5.1.2600 Service Pack 3

11/06/2009 21:43:00
mbam-log-2009-06-11 (21-43-00).txt

Type de recherche: Examen complet (C:|)
Eléments examinés: 162059
Temps écoulé: 1 hour(s), 15 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 26
Fichier(s) infecté(s): 179

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:WINDOWSsystem32zoyageze.dll (Trojan.Vundo.H) -> Delete on reboot.
c:WINDOWSsystem32 oyoyavi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:WINDOWSsystem32dsprop32.dll (Worm.P2P) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{d586a753-f65f-4c62-a40b-24ed0b18c9a6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOTCLSID{d586a753-f65f-4c62-a40b-24ed0b18c9a6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOTCLSID{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyf4d0703e598 (Worm.P2P) -> Delete on reboot.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallExcellentAdDisplay (Adware.ExcellentAdDisplay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOTAppIDExcellentAdDisplay.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallPlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftcontim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftdslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoft dfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunf4d07091 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRuncpmf7e3430d (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunzegenumulo (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoadssodl (Trojan.Vundo.H) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindowsAppInit_DLLs (Trojan.Vundo.H) -> Data: c:windowssystem32zoyageze.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLSANotification Packages (Trojan.Vundo.H) -> Data: c:windowssystem32zoyageze.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindowsAppInit_DLLs (Trojan.Vundo.H) -> Data: c:windowssystem32 oyoyavi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindowsAppInit_DLLs (Worm.P2P) -> Data: c:windowssystem32dsprop32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterUpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:Program FilesMyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharAvatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharGame (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharHistory (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharicons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessage (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharSettings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesFunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsscreensaverCache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsscreensaverImages (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsShared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsSharedCache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:Program FilesWebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program fileswebmediaplayer esources (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program fileswebmediaplayerskins (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program fileswebmediaplayerupdates (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:Program FilesPlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:Program FilesMoreRelevantAdvertisingProgram (Adware.MoreRelevantAdvertising) -> Quarantined and deleted successfully.
C:WINDOWSsystem32SystemService32 (Worm.Archive) -> Quarantined and deleted successfully.
C:Program FilesExcellentAdDisplay (Adware.ExcellentAdDisplay) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:WINDOWSsystem32gukehere.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:WINDOWSsystem32erehekug.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:WINDOWSsystem32 oyoyavi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:WINDOWSsystem32dukovolo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32hejapive.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:documents and settingsestellelocal settingsapplication dataqckwqmy_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:documents and settingsestellelocal settingsapplication dataqckwqmy_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:documents and settingsestellelocal settingsapplication dataqckwqmy.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
c:documents and settingsestellelocal settingsapplication dataqckwqmy.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:WINDOWSsystem32zoyageze.dll (Trojan.Vundo.H) -> Delete on reboot.
C:WINDOWSsystem32dsprop32.dll (Worm.P2P) -> Delete on reboot.
c:documents and settingsestelle.estelle-afd6537Bureauackupsackup-20090611-181614-878.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:program filesinternet explorermsimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3HIGHIN.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3HTML.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3IDLE.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3IMPIPE.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3MEDINT.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3MSG.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3OUTLCN.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3PLUGIN.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3SKIN.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3SKPLAY.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3SLSRCH.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3SRCHMN.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binMWSBAR.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binMWSOEMON.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binMWSOEPLG.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binMWSOESTB.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binMWSSRCAS.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binMWSSVC.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binNPMYWEBS.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
c:program filesPlayMP3zPlayMP3.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
c:program fileswindows livemessenger iched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:system volume information\_restore{5ed304ca-1589-4f7a-8ec7-5c6a04e58534}RP148A0061948.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:system volume information\_restore{5ed304ca-1589-4f7a-8ec7-5c6a04e58534}RP97A0031456.DLL (Adware.FunWeb) -> Quarantined and deleted successfully.
c:system volume information\_restore{5ed304ca-1589-4f7a-8ec7-5c6a04e58534}RP97snapshotMFEX-1.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP10A0002001.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP23A0007577.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP38A0015067.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031054.exe (Worm.P2P) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031058.exe (Worm.P2P) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031059.exe (Worm.P2P) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031060.exe (Worm.P2P) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031061.exe (Worm.P2P) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031063.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031064.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031065.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031066.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031067.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031069.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031071.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031074.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031075.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031076.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031077.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031078.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031081.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031083.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031084.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031085.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031086.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031087.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031088.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031089.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031090.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031094.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031095.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031096.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP65A0031097.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP66A0032158.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:system volume information\_restore{688a9983-81e5-4206-9fc1-e15177c9da06}RP9A0001997.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
c:WINDOWSsystem32DD.tmp (Worm.P2P) -> Quarantined and deleted successfully.
c:WINDOWSsystem32fihasine.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:WINDOWSsystem32wasodoku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binF3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binFWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchar1.binM3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharAvatarCOMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache0518727 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache0C2F3E5.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache1A48ED7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache1A4963A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache1A4B480.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache1A4DAD4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache1AFAB43.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache1AFB1CB.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache1AFB565.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache1AFB749.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCache1AFB8D0 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharCachefiles.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharGameCHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharGameCHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharGameREVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharHistorysearch3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchariconsCM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchariconsMFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchariconsPSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchariconsSMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchariconsWB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearchariconsWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONautoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONautoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONcenter.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONindex.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONmid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONmws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONprotect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONshocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONstop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONsystray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONsystrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMON p_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharMessageCOMMONwarn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifierCOMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifierDOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifierFISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifierKUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifierLIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifierMAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifierMAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifierOPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifierROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifierSEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharNotifierSURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharSettingsprevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharSettingssetting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharSettingssettings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesmywebsearcharSettingss_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsscreensaverCache1AEB366.swf (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsscreensaverCachefiles.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsscreensaverImages1A46110.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsscreensaverImages1AEA481.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsscreensaverImages1AECB82.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsscreensaverImageswrkparam.lst (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsSharedCacheCursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsSharedCacheMyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsSharedCacheSmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program filesfunwebproductsSharedCacheWebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:program fileswebmediaplayersqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program fileswebmediaplayeruninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program fileswebmediaplayerWebMediaPlayer.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program fileswebmediaplayer esourceswmp_translation_file.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program fileswebmediaplayerskinsclassic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
c:program filesPlayMP3zuninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
c:program filesmorerelevantadvertisingprogramuninstall.exe (Adware.MoreRelevantAdvertising) -> Quarantined and deleted successfully.
c:WINDOWSsystem32systemservice32165.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:WINDOWSsystem32systemservice32166.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:WINDOWSsystem32systemservice32167.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:WINDOWSsystem32systemservice32168.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:WINDOWSsystem32systemservice32169.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:WINDOWSsystem32systemservice32170.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:WINDOWSsystem32systemservice32171.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:WINDOWSsystem32systemservice32172.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:program filesexcellentaddisplayuninstall.exe (Adware.ExcellentAdDisplay) -> Quarantined and deleted successfully.
c:WINDOWSsystem32D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:WINDOWSsystem32E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:documents and settingsestelle.estelle-afd6537Bureaukillspy.exe (Rogue.KillSpy) -> Quarantined and deleted successfully.
C:WINDOWSsystem32wogutopa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.




puis rédémarrage normal et log hijackthis ;


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:26, on 11/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesJavajre6injqs.exe
C:Program FilesMicrosoft LifeCamMSCamS32.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesVIAVIAudioiSBADeckADeck.exe
C:Program FilesJavajre6injusched.exe
C:WINDOWSvVX1000.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Documents and Settingsestelle.ESTELLE-AFD6537Bureaukillspy.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.01net.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.01net.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer fourni par IE 8 FOURNI PAR 01NET.COM
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:Program FilesOrangeHSSSearchURLHookSearchPageURL.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesFichiers communsMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.3572swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6injp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:Program FilesWindows LiveToolbarwltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program FilesWindows LiveToolbarwltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O4 - HKLM..Run: [AudioDeck] C:Program FilesVIAVIAudioiSBADeckADeck.exe 1
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6injusched.exe"
O4 - HKLM..Run: [LifeCam] "C:Program FilesMicrosoft LifeCamLifeExp.exe"
O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
O4 - HKCU..Run: [CTFMON.EXE] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User 'Default user')
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: ,
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopsched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopavguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6injqs.exe

--
End of file - 6914 bytes




Est ce ok, ou faut il faire autre chose (ps, j'ai fait ccleaner et lancé jv16tools puis viré les registres verts) ?
rocc
Apprenti(e) Expert(e)
Apprenti(e) Expert(e)
 
Messages: 130
Inscription: 11 Mai 2008 16:51
 

Message le 11 Juin 2009 21:43

Tu relances Mbam jusqu'à ce qu'il ne trouve plus rien.

Si au bout de deux analyses consécutives tu trouves les même fichiers, tu postes le rapport.

Quand tout sera clean, on aura besoin d'un log HiJackThis. Pour l'instant, c'est totalement inutile ;)
Avatar de l'utilisateur
r@in | b0w
PC-Infopraticien
PC-Infopraticien
 
Messages: 7714
Inscription: 09 Déc 2007 12:37
Localisation: Parrot Sec
 

Message le 12 Juin 2009 16:17

Malwarebytes n'a plus rien détecté, ma soeur a voulu récupérer son pc , ça a l'air d'aller.

Je lui ai mis le SP3, IE8 et tous les mises à jour recommandées windows .

Je lui ai activé la mise à jour auto de windows .

si par malheur ça recommence, je n'hésiterai pas à revenir vous voir.

Merci pur tout
rocc
Apprenti(e) Expert(e)
Apprenti(e) Expert(e)
 
Messages: 130
Inscription: 11 Mai 2008 16:51
 

Message le 13 Juin 2009 09:52

Bonjour.

r@in | b0w a écrit:Quand tout sera clean, on aura besoin d'un log HiJackThis.


Ensuite, on validera la désinfection.
Avatar de l'utilisateur
r@in | b0w
PC-Infopraticien
PC-Infopraticien
 
Messages: 7714
Inscription: 09 Déc 2007 12:37
Localisation: Parrot Sec
 

Message le 13 Juin 2009 12:07

Slt, je ne sais pas si c'est lié à la suppression de pas mal de saletés avec malwarebyte ou au fix de hijackthis ou avoir viré les registres vert avec jv16tools free , mais ma soeur n'arrive plus à se connecter à windows live ou msn v7.
Le message suivant apparait: "...........windows live n'a pas pu se connecter au service, ce service est indisponible, veuillez essayer plus tard etc....." détail: code erreur 8008051 ou 80046820

alors que depuis chez moi à 1 km, windows live ou msn fonctionne , pourquoi ?

quand son ordi était chez moi, j'ai supprimé les comptes pré enregistrés msn/live de l'ancien proprio du pc car quand on lancait ces programmes de messageries instantanés, les cases noms d'utilisateurs et mots de passe étaient préremplis des noms des anciens utilisateurs.

Edit de 13h53, comme la pile du pc est hs , à chaque redémarrage de ce dernier il retourne en 2002 et donc msn refuse de se connecter

Donc fallait remettre à jour date et heure, c'est tout con !!!!
rocc
Apprenti(e) Expert(e)
Apprenti(e) Expert(e)
 
Messages: 130
Inscription: 11 Mai 2008 16:51
 

Message le 14 Juin 2009 22:04

Bonjouur.

Ok pour le retour.

Pour terminer la désinfection et optimiser Windows:


_ Désinstallation des utilitaires utilisés:

Les programmes utilisés pour la désinfection ne sont pas à utiliser quotidiennement.

Pour les désinstaller, il faut aller dans le Panneau de configuration puis, via Ajouter/Supprimer des programmes, sélectionner les utilitaires et cliquer sur Désinstaller.

Pour une suppression effective, penses à supprimer leurs dossiers respectifs, la plupart à la racine de ta partition principale.


_ Utilisation d'un navigateur internet alternatif:

Internet Explorer n'étant pas sûr, il est préférable d'installer un navigateur internet alternatif pour sécuriser ton surf.

Tu as le choix entre Mozilla Firefox, Apple Safari ou encore Opéra.

Il faudra ensuite définir ce navigateur internet alternatif comme navigateur par défaut.


_ Utilisation d'un pare-feu alternatif:

Il est recommandé de ne pas utiliser le pare-feu Windows et d'en prendre un plus efficace.

Le choix est large: Zone Alarm, Sunbelt, Ashampoo ou encore Sygate.

Après avoir sélectionné le pare-feu idéal, il faudra désactiver celui de Windows.


_ Nettoyage des points de restauration:

Dans un premier temps, il faut supprimer tous les points de restauration.

Pour cela, cliques sur Poste de travail puis Propriétés.
Onglet Restauration automatique du système, tu coches la ligne Désactiver la restauration du système puis tu valides par Ok.
Tu confirmes la suppression de tous les points de restauration, puis tu cliques sur Appliquer et/ou Ok.

Ensuite, il faut réactiver la restauration automatique du système.

Tu refais la manipulation précédente pour relancer les propriétés du Poste de travail.
Tu décoches la ligne puis cliques sur Appliquer & Ok.

Tu auras créer un point de restauration propre.


_ Nettoyage des fichiers temporaires & de la base de registre:

Pour cela, Ccleaner reste le moyen le plus sûr et pratique de tout nettoyer sans risques.

En suivant ce tutorial, cet utilitaire sera configuré correctement.

Il est aussi utile de purger régulièrement le dossier Prefetch en profitant de Ccleaner pour automatiser ce nettoyage.
Pour cela, il faut aller dans Options puis Personnaliser pour ajouter le dossier C:WindowsPREFETCH.


_ Un petit coup d'oeil à notre dossier Nettoyage peut être utile en supplément.

Et finalement, pour optimiser Windows XP, ce sujet sera intéressant.
Avatar de l'utilisateur
r@in | b0w
PC-Infopraticien
PC-Infopraticien
 
Messages: 7714
Inscription: 09 Déc 2007 12:37
Localisation: Parrot Sec
 



Sujets similaires

Message Pourquoi mon ordi rame comme ça ?
Peut-être y a un truc à faire pour booster un peu les performances, genre un réglage caché qu?on connaît pas tous, mais franchement j?suis pas sûr. On voit plein de trucs qui promettent d?accélérer les systèmes, mais est-ce que c?est pas juste du vent au final ? Vous avez déjà testé des méthodes un ...
Réponses: 2

Message Configuration ordi travail
Bonjour à tous,En 2009 j'ai monté ça : - Boîtier : Antec NSK4480B-II avec alimentation Earthwatt 380W - Carte mère : ASUS P5QL-E (C2D + DDR2 + PCI-E) - Processeur : INTEL Core2 Duo E8400 (3.0 DualCore LGA775) - Ventirad CPU : Cooler Master Hyper TX3 S775/1156 - Mémoire : 2x2 Go DDR2-800 PC6400 Corsa ...
Réponses: 19

Message Vos Pires Messages d'erreur du PC
ICI mettez Vos pires messages d'erreur que votre pc a generé. Voila moi je commence. juste il y a 10 minutes en démarrent mon pc: Rundll32 ne fonctionne plus en plus avant j'en ai eu d'autre mais que j'ai fermé: Les Voila: Microsoft Visual++ était aussi de la partie et Kapersky a aussi foiré ...
Réponses: 355

Message Redmi 8 vers ordi portable
Bonjour,J'ai un téléphone REDMI 8, et je souhaite utiliser l'internet de celui-ci sur mon ordi portable (win10), et profiter d'un écran plus confortable.Mais ça ne fonctionne pas.Est-il possible d'utiliser un transmetteur "CHROMECAST" pour solutionner le problème ?Merci pour vos lumières. ...
Réponses: 1

Message [Réglé] Demande conseil ordi à la carte avec tour existante
Mon projet :acheter un ordi de bureau d'occasion et changer si besoin des composants pour l'améliorer.Carte (Gigabyte ?) ATOMX2 18 200 500 GOProcess AMD A4-4000 APU avec Radeon HD graphicRAM 4 Go installéAnnée 2011Des questions générales :L'écran a une connexion VGA, si je mets une Carte Mère récent ...
Réponses: 12

Message PC QUI RAME
Bonjour a tous , ayant suivi les indications voici le rapport https://cjoint.com/c/MCAlt74EdpY.Merci d'avance pour l'aide
Réponses: 1

Message [Réglé] suppression des messages dans gmail
Bonjour, existe t'il une méthode pour supprimer les messages en grands nombre dans Gmail. Par exemple touts les messages d'avant une certaine date ? J'ai essayé notamment avec ceci dans la barre de recherche "before:2018/1/1" mais ça ne fonctionne pas. Merci.
Réponses: 5


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 2 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.