trojan.vundo
Forum Sécurité - Virus : trojan.vundo
bonjour a tous. depuis quelques jour mon pc est infecté par un virus nommé Trajan.vundo
je n'arrive pas a l'effacé avec norton 2003.
et j'ai trouvé un sité qui en parle mais en anglais si quelqu'un pourrait me traduire. je sais qu'il existe des traducteur mais il me traduira aussi les commande .exe
ou si quelqu'un sait comment l'effacé je sui prenneur.
bonne journée a tous
Bonjour,
Télécharge puis installe Hijackthis (Trend Micro).
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Répondre à Angeldark
voila le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:17, on 20/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\mrofinu2000382.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\gebawtq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A558D247-E2BE-4EB6-9065-CD8E68097C7D} - C:\WINDOWS\system32\sstqo.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BROWSE BAT STORE LOVE] C:\Documents and Settings\All Users\Application Data\Hope army browse bat\remotebore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000382.exe 61A847B5BBF72810329B38557AFB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Bash type] C:\DOCUME~1\potdevin\APPLIC~1\DEBUGM~1\grid soap.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/ [...] NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - Winlogon Notify: gebawtq - C:\WINDOWS\SYSTEM32\gebawtq.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10508 bytes
Re,
Télécharge Lop S&D.exe sur ton Bureau.
- Double-clique dessus pour lancer l'installation
- Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
- Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
- Patiente jusqu'à la fin du scan
- Poste le rapport généré (C:\lopR.txt)
(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
Répondre à Angeldark
dsl davoir etait long
-----------------------------[ Lop S&D 2.0.1 ]---------------------------
Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
"C:\Program Files\Lop SD"
[ 21/12/2007 | 7:29:35,79 ] [ POTDEVIN-W13DKC ]
-------------[ Listing des dossiers dans Application Data ]------------
C:\Documents and Settings\All Users\APPLIC~1\LauncherAccess.dt
C:\Documents and Settings\All Users\APPLIC~1\Microsoft Corporation
C:\Documents and Settings\All Users\APPLIC~1\Installer.log
C:\Documents and Settings\All Users\APPLIC~1\WebacamSurveyor
C:\Documents and Settings\All Users\APPLIC~1\SSScanAppDataDir
C:\Documents and Settings\All Users\APPLIC~1\Microsoft
C:\Documents and Settings\All Users\APPLIC~1\SSScanWizard
C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
C:\Documents and Settings\All Users\APPLIC~1\Emjysoft
C:\Documents and Settings\All Users\APPLIC~1\QTSBandwidthCache
C:\Documents and Settings\All Users\APPLIC~1\TEMP
C:\Documents and Settings\All Users\APPLIC~1\Hope army browse bat
C:\Documents and Settings\All Users\APPLIC~1\Zylom
C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
C:\Documents and Settings\All Users\APPLIC~1\Google
C:\Documents and Settings\All Users\APPLIC~1\film01antewin
C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
C:\Documents and Settings\All Users\APPLIC~1\Ahead
C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
C:\Documents and Settings\All Users\APPLIC~1\Symantec
C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
C:\Documents and Settings\Default User\APPLIC~1\Microsoft
C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
C:\Documents and Settings\potdevin\APPLIC~1\Azureus
C:\Documents and Settings\potdevin\APPLIC~1\Canon
C:\Documents and Settings\potdevin\APPLIC~1\Leadertech
C:\Documents and Settings\potdevin\APPLIC~1\My Games
C:\Documents and Settings\potdevin\APPLIC~1\Google
C:\Documents and Settings\potdevin\APPLIC~1\Microsoft
C:\Documents and Settings\potdevin\APPLIC~1\Samsung
C:\Documents and Settings\potdevin\APPLIC~1\Arcsoft
C:\Documents and Settings\potdevin\APPLIC~1\DivX
C:\Documents and Settings\potdevin\APPLIC~1\Shareaza
C:\Documents and Settings\potdevin\APPLIC~1\Identities
C:\Documents and Settings\potdevin\APPLIC~1\wss.ini
C:\Documents and Settings\potdevin\APPLIC~1\Sun
C:\Documents and Settings\potdevin\APPLIC~1\ScanSoft
C:\Documents and Settings\potdevin\APPLIC~1\Macromedia
C:\Documents and Settings\potdevin\APPLIC~1\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\potdevin\APPLIC~1\Apple Computer
C:\Documents and Settings\potdevin\APPLIC~1\DebugMoreRoad
C:\Documents and Settings\potdevin\APPLIC~1\Mozilla
C:\Documents and Settings\potdevin\APPLIC~1\SecondLife
C:\Documents and Settings\potdevin\APPLIC~1\Adobe
C:\Documents and Settings\potdevin\APPLIC~1\InterTrust
C:\Documents and Settings\potdevin\APPLIC~1\vlc
C:\Documents and Settings\potdevin\APPLIC~1\Ahead
C:\Documents and Settings\potdevin\APPLIC~1\Help
C:\Documents and Settings\potdevin\APPLIC~1\desktop.ini
C:\Documents and Settings\potdevin\APPLIC~1\Symantec
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\AA8A559D91A5C9E5.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
C:\Program Files\Adobe
C:\Program Files\Adverts
C:\Program Files\Ahead
C:\Program Files\Analog Devices
C:\Program Files\Antipub
C:\Program Files\Apple Software Update
C:\Program Files\ArcSoft
C:\Program Files\ATI Technologies
C:\Program Files\Azureus
C:\Program Files\C2Media
C:\Program Files\Canon
C:\Program Files\CDBurnerXP
C:\Program Files\ComPlus Applications
C:\Program Files\DAEMON Tools
C:\Program Files\DebugMoreRoad
C:\Program Files\DivX
C:\Program Files\eMule
C:\Program Files\Everest Poker
C:\Program Files\Fichiers communs
C:\Program Files\Firaxis Games
C:\Program Files\Fsp3demo
C:\Program Files\Google
C:\Program Files\Hijackthis Version Fran‡aise
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Kit ADSL
C:\Program Files\Lavalys
C:\Program Files\Logitech
C:\Program Files\Lop SD
C:\Program Files\Macrogaming
C:\Program Files\Maxis
C:\Program Files\MediaMonkey
C:\Program Files\Messenger
C:\Program Files\Messenger Plus! Live
C:\Program Files\MessengerPlus! 3
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Games
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Mindscape
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSN Toolbar
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\NetMeeting
C:\Program Files\neuf telecom
C:\Program Files\Norton AntiVirus
C:\Program Files\Norton Internet Security
C:\Program Files\Outlook Express
C:\Program Files\PDF Editeur 2
C:\Program Files\PowerISO
C:\Program Files\QuickTime
C:\Program Files\Rockstar Games
C:\Program Files\Samsung
C:\Program Files\ScanSoft
C:\Program Files\SecondLife
C:\Program Files\Services en ligne
C:\Program Files\Shareaza
C:\Program Files\Steam
C:\Program Files\Symantec
C:\Program Files\SymNetDrv
C:\Program Files\Trend Micro
C:\Program Files\VideoLAN
C:\Program Files\Webcam Surveyor
C:\Program Files\WinAVI MP4 Converter
C:\Program Files\Windows Journal Viewer
C:\Program Files\Windows Live
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinISO
C:\Program Files\WinRAR
C:\Program Files\World of Warcraft
C:\Program Files\WowCartographe
C:\Program Files\xerox
C:\Program Files\Zylom Games
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\Blizzard Entertainment
C:\Program Files\Fichiers communs\Designer
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\LightScribe
C:\Program Files\Fichiers communs\Logitech
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\Nero
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\ScanSoft Shared
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\Symantec Shared
C:\Program Files\Fichiers communs\System
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\Program Files\Adverts
C:\Program Files\C2Media*
C:\WINDOWS\Tasks\AA8A559D91A5C9E5.job
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts MODIFIE
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 07:32:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
--------------------[ Fin du rapport a 7:32:45,12 ]----------------------
Re,
Relance Lop S&D
- Choisis cette fois ci l'Option 2 (Suppression)
- Ne ferme pas la fenêtre lors de la suppression !
- Poste le rapport généré (C:\lopR.txt)
(Si le Bureau ne réapparît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
Répondre à Angeldark
re
-----------------------------[ Lop S&D 2.0.1 ]---------------------------
Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
"C:\Program Files\Lop SD"
[ 21/12/2007 | 19:23:19,84 ] [ POTDEVIN-W13DKC ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\Program Files\Adverts
Echec ! - C:\Program Files\C2Media*
Supprimé! - C:\WINDOWS\Tasks\AA8A559D91A5C9E5.job
Restauré! - Fichier Hosts
\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////
Echec ! - C:\Program Files\C2Media*
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
C:\Documents and Settings\All Users\APPLIC~1\LauncherAccess.dt
C:\Documents and Settings\All Users\APPLIC~1\Microsoft Corporation
C:\Documents and Settings\All Users\APPLIC~1\Installer.log
C:\Documents and Settings\All Users\APPLIC~1\WebacamSurveyor
C:\Documents and Settings\All Users\APPLIC~1\SSScanAppDataDir
C:\Documents and Settings\All Users\APPLIC~1\Microsoft
C:\Documents and Settings\All Users\APPLIC~1\SSScanWizard
C:\Documents and Settings\All Users\APPLIC~1\Messenger Plus!
C:\Documents and Settings\All Users\APPLIC~1\Emjysoft
C:\Documents and Settings\All Users\APPLIC~1\QTSBandwidthCache
C:\Documents and Settings\All Users\APPLIC~1\TEMP
C:\Documents and Settings\All Users\APPLIC~1\Hope army browse bat
C:\Documents and Settings\All Users\APPLIC~1\Zylom
C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
C:\Documents and Settings\All Users\APPLIC~1\Google
C:\Documents and Settings\All Users\APPLIC~1\film01antewin
C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
C:\Documents and Settings\All Users\APPLIC~1\Ahead
C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
C:\Documents and Settings\All Users\APPLIC~1\Symantec
C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
C:\Documents and Settings\Default User\APPLIC~1\Microsoft
C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
C:\Documents and Settings\potdevin\APPLIC~1\Azureus
C:\Documents and Settings\potdevin\APPLIC~1\Canon
C:\Documents and Settings\potdevin\APPLIC~1\Leadertech
C:\Documents and Settings\potdevin\APPLIC~1\My Games
C:\Documents and Settings\potdevin\APPLIC~1\Google
C:\Documents and Settings\potdevin\APPLIC~1\Microsoft
C:\Documents and Settings\potdevin\APPLIC~1\Samsung
C:\Documents and Settings\potdevin\APPLIC~1\Arcsoft
C:\Documents and Settings\potdevin\APPLIC~1\DivX
C:\Documents and Settings\potdevin\APPLIC~1\Shareaza
C:\Documents and Settings\potdevin\APPLIC~1\Identities
C:\Documents and Settings\potdevin\APPLIC~1\wss.ini
C:\Documents and Settings\potdevin\APPLIC~1\Sun
C:\Documents and Settings\potdevin\APPLIC~1\ScanSoft
C:\Documents and Settings\potdevin\APPLIC~1\Macromedia
C:\Documents and Settings\potdevin\APPLIC~1\GDIPFONTCACHEV1.DAT
C:\Documents and Settings\potdevin\APPLIC~1\Apple Computer
C:\Documents and Settings\potdevin\APPLIC~1\DebugMoreRoad
C:\Documents and Settings\potdevin\APPLIC~1\Mozilla
C:\Documents and Settings\potdevin\APPLIC~1\SecondLife
C:\Documents and Settings\potdevin\APPLIC~1\Adobe
C:\Documents and Settings\potdevin\APPLIC~1\InterTrust
C:\Documents and Settings\potdevin\APPLIC~1\vlc
C:\Documents and Settings\potdevin\APPLIC~1\Ahead
C:\Documents and Settings\potdevin\APPLIC~1\Help
C:\Documents and Settings\potdevin\APPLIC~1\desktop.ini
C:\Documents and Settings\potdevin\APPLIC~1\Symantec
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\Norton AntiVirus - Analyser mon ordinateur.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
C:\Program Files\Adobe
C:\Program Files\Ahead
C:\Program Files\Analog Devices
C:\Program Files\Antipub
C:\Program Files\Apple Software Update
C:\Program Files\ArcSoft
C:\Program Files\ATI Technologies
C:\Program Files\Azureus
C:\Program Files\C2Media
C:\Program Files\Canon
C:\Program Files\CDBurnerXP
C:\Program Files\ComPlus Applications
C:\Program Files\DAEMON Tools
C:\Program Files\DebugMoreRoad
C:\Program Files\DivX
C:\Program Files\eMule
C:\Program Files\Everest Poker
C:\Program Files\Fichiers communs
C:\Program Files\Firaxis Games
C:\Program Files\Fsp3demo
C:\Program Files\Google
C:\Program Files\Hijackthis Version Fran‡aise
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Kit ADSL
C:\Program Files\Lavalys
C:\Program Files\Logitech
C:\Program Files\Lop SD
C:\Program Files\Macrogaming
C:\Program Files\Maxis
C:\Program Files\MediaMonkey
C:\Program Files\Messenger
C:\Program Files\Messenger Plus! Live
C:\Program Files\MessengerPlus! 3
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Games
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Mindscape
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSN Toolbar
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\NetMeeting
C:\Program Files\neuf telecom
C:\Program Files\Norton AntiVirus
C:\Program Files\Norton Internet Security
C:\Program Files\Outlook Express
C:\Program Files\PDF Editeur 2
C:\Program Files\PowerISO
C:\Program Files\QuickTime
C:\Program Files\Rockstar Games
C:\Program Files\Samsung
C:\Program Files\ScanSoft
C:\Program Files\SecondLife
C:\Program Files\Services en ligne
C:\Program Files\Shareaza
C:\Program Files\Steam
C:\Program Files\Symantec
C:\Program Files\SymNetDrv
C:\Program Files\Trend Micro
C:\Program Files\VideoLAN
C:\Program Files\Webcam Surveyor
C:\Program Files\WinAVI MP4 Converter
C:\Program Files\Windows Journal Viewer
C:\Program Files\Windows Live
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinISO
C:\Program Files\WinRAR
C:\Program Files\World of Warcraft
C:\Program Files\WowCartographe
C:\Program Files\xerox
C:\Program Files\Zylom Games
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\Blizzard Entertainment
C:\Program Files\Fichiers communs\Designer
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\LightScribe
C:\Program Files\Fichiers communs\Logitech
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\Nero
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\ScanSoft Shared
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\Symantec Shared
C:\Program Files\Fichiers communs\System
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\Program Files\C2Media*
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-21 19:27:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
--------------------[ Fin du rapport a 19:27:12,96 ]----------------------
Reposte un rapport Hijackthis.
Répondre à Angeldark
re
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:35:11, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\TCAUDIAG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\mrofinu2000382.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {236D82C1-03ED-4589-AE14-82D70F198DCC} - C:\WINDOWS\system32\sstqo.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E3FBDE2-7DBD-4040-85D9-29BBC559C129} - C:\WINDOWS\system32\gebawtq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BROWSE BAT STORE LOVE] C:\Documents and Settings\All Users\Application Data\Hope army browse bat\remotebore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000382.exe 61A847B5BBF72810329B38557AFB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Bash type] C:\DOCUME~1\potdevin\APPLIC~1\DEBUGM~1\grid soap.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/ [...] NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - Winlogon Notify: gebawtq - C:\WINDOWS\SYSTEM32\gebawtq.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10372 bytes
Re,
Désactive tes protections résidentes (antivirus...) !
- Télécharge combofix.exe (par sUBs) sur ton Bureau.
- Double clique combofix.exe.
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Répondre à Angeldark
re, dsl de poster que maintenant, j'ai eu un WE bien rempli.
j'ai fais ce que tu m'avais dit de faire avec combofix mais au redemarrage mon ordi a planté j'ai du le reset. depuis le virus n'est pas revenu.
merci beaucoup pour ton aide car elle ma evité de formater
Tu peux retenter Combofix ?
Répondre à Angeldark
Il y a 265 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
