virus tratbho et sinowal
Forum Sécurité - Virus : virus tratbho et sinowal
bonjour voila jai deux virus tratbho et sinowal et je ne sais pas le supprimer car je suis pas tré bon pouvez vous m'aidé svp
Salut,
Télécharge Hijackthis (de Trend Micro)
Poste un rapport en suivant ce tuto.
Répondre à XmichouX
voila le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:00, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango /fleok=1D8A83A5C5ED18789EAE6F2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\jkkjhfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bait deaf idle setup] C:\Documents and Settings\All Users\Application Data\Htm Support Bait Deaf\Book log.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bat help] C:\DOCUME~1\FRANOI~1\APPLIC~1\BARBJU~1\bore skip.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C37C416-6A4F-44C0-BA30-CB476F422F76}: NameServer = 212.27.54.252,212.27.53.252
O20 - Winlogon Notify: jkkjhfg - C:\WINDOWS\SYSTEM32\jkkjhfg.dll
O21 - SSODL: drivers - {0A92B925-E49B-4952-B205-D0FDF8C5F55C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
--
End of file - 7241 bytes
voila le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49:00, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango /fleok=1D8A83A5C5ED18789EAE6F2A1FBB39BFE4976E26CAEDA120180A196D6093 - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\jkkjhfg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bait deaf idle setup] C:\Documents and Settings\All Users\Application Data\Htm Support Bait Deaf\Book log.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bat help] C:\DOCUME~1\FRANOI~1\APPLIC~1\BARBJU~1\bore skip.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C37C416-6A4F-44C0-BA30-CB476F422F76}: NameServer = 212.27.54.252,212.27.53.252
O20 - Winlogon Notify: jkkjhfg - C:\WINDOWS\SYSTEM32\jkkjhfg.dll
O21 - SSODL: drivers - {0A92B925-E49B-4952-B205-D0FDF8C5F55C} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
--
End of file - 7241 bytes
Re,
Télécharge VundoFix.exe (d’ Atribune):
Double-clique VundoFix.exe .
Clique sur Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Ensuite clique sur YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu auras un message comme quoi l’ordinateur va s’éteindre, fais ok
Poste le rapport qui se trouve dans C:\vundofix.txt
Répondre à XmichouX
voila le rapport
VundoFix V6.5.4
Checking Java version...
Scan started at 20:03:28 27/02/2008
Listing files found while scanning....
C:\WINDOWS\system32\jkkjhfg.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkjhfg.dll
C:\WINDOWS\system32\jkkjhfg.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Re,
Je n'avais pas vu, tu as une autre infection.
Télécharge Lop S&D.exe ( d’ Eric 71 & Angeldark ) sur ton bureau. ~>Tuto<~
- Double-clique dessus pour lancer l'installation
- Puis double-clique sur le raccourci Lop S&D présent sur ton bureau (Si tu es sous Vista, clique droit -> exécuter en tant qu'admin)
- Séléctionne la langue souhaitée , puis choisis l'Option 1 ( Recherche )
- Patiente jusqu'à la fin du scan
- Poste le rapport généré ( C:\lopR.txt )
(Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
********
Télécharge BTFix (de Bibi26)
Dézippe le sur ton Bureau.
Ouvre le dossier BTFix.
Double clique sur BTFix.exe.
Clique sur Rechercher.
Un rapport va apparaître, poste le ici.
Répondre à XmichouX
KLE RAPPORT DE lop
-----------------------------[ Lop S&D 4.0.0 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : fran‡oise ] [ "C:\Lop SD" ]
[ 27/02/2008 | 20:34:41,73 ] [ PC : UNICORNI-86890B ]
[ MAJ : 26-02-2008 | 19:30 ]
-------------[ Listing des dossiers dans Application Data ]------------
[11/01/2008|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[11/01/2008|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[22/11/2007|21:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
[09/05/2007|21:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/10/2007|21:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BufferZone
[06/04/2007|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[06/04/2007|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[22/02/2008|03:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf
[14/02/2008|23:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[11/01/2008|20:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[17/11/2007|06:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[17/11/2007|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[06/04/2007|17:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[17/06/2007|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[11/01/2008|20:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skyline
[06/04/2007|18:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[06/08/2007|18:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\window five meal this
[04/05/2007|22:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/01/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZangoSA
[21/04/2007|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[06/04/2007|18:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[06/04/2007|18:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[06/04/2007|18:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[06/04/2007|16:57] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[11/01/2008|20:29] C:\DOCUME~1\FRANOI~1\APPLIC~1\.
[11/01/2008|20:29] C:\DOCUME~1\FRANOI~1\APPLIC~1\..
[24/08/2007|22:00] C:\DOCUME~1\FRANOI~1\APPLIC~1\Adobe
[07/04/2007|13:14] C:\DOCUME~1\FRANOI~1\APPLIC~1\AdobeAUM
[09/05/2007|21:31] C:\DOCUME~1\FRANOI~1\APPLIC~1\AdobeUM
[01/07/2007|21:17] C:\DOCUME~1\FRANOI~1\APPLIC~1\Ahead
[22/02/2008|03:25] C:\DOCUME~1\FRANOI~1\APPLIC~1\Barbjunkloud
[06/04/2007|18:50] C:\DOCUME~1\FRANOI~1\APPLIC~1\desktop.ini
[09/04/2007|13:39] C:\DOCUME~1\FRANOI~1\APPLIC~1\DivX
[26/12/2007|08:49] C:\DOCUME~1\FRANOI~1\APPLIC~1\Documents and Settings
[03/07/2007|12:50] C:\DOCUME~1\FRANOI~1\APPLIC~1\dvdcss
[22/06/2007|20:01] C:\DOCUME~1\FRANOI~1\APPLIC~1\Google
[02/07/2007|00:10] C:\DOCUME~1\FRANOI~1\APPLIC~1\Help
[10/05/2007|14:59] C:\DOCUME~1\FRANOI~1\APPLIC~1\Identities
[04/09/2007|03:57] C:\DOCUME~1\FRANOI~1\APPLIC~1\InstallShield
[21/04/2007|20:43] C:\DOCUME~1\FRANOI~1\APPLIC~1\iWin
[06/04/2007|19:03] C:\DOCUME~1\FRANOI~1\APPLIC~1\Macromedia
[29/09/2007|15:34] C:\DOCUME~1\FRANOI~1\APPLIC~1\Microsoft
[06/04/2007|18:11] C:\DOCUME~1\FRANOI~1\APPLIC~1\Mozilla
[06/04/2007|20:06] C:\DOCUME~1\FRANOI~1\APPLIC~1\MSNInstaller
[17/04/2007|22:57] C:\DOCUME~1\FRANOI~1\APPLIC~1\Sun
[08/05/2007|20:09] C:\DOCUME~1\FRANOI~1\APPLIC~1\vlc
[26/12/2007|21:25] C:\DOCUME~1\FRANOI~1\APPLIC~1\Zango
[10/05/2007|14:59] C:\DOCUME~1\FRANOI~1\APPLIC~1\Zylom
[14/05/2007|21:14] C:\DOCUME~1\LATITI~1\APPLIC~1\.
[14/05/2007|21:14] C:\DOCUME~1\LATITI~1\APPLIC~1\..
[15/04/2007|23:54] C:\DOCUME~1\LATITI~1\APPLIC~1\Adobe
[15/04/2007|23:54] C:\DOCUME~1\LATITI~1\APPLIC~1\AdobeAUM
[15/04/2007|23:54] C:\DOCUME~1\LATITI~1\APPLIC~1\AdobeUM
[10/04/2007|18:33] C:\DOCUME~1\LATITI~1\APPLIC~1\Ahead
[14/05/2007|21:34] C:\DOCUME~1\LATITI~1\APPLIC~1\Babylon
[06/08/2007|19:00] C:\DOCUME~1\LATITI~1\APPLIC~1\Barbjunkloud
[06/04/2007|18:50] C:\DOCUME~1\LATITI~1\APPLIC~1\desktop.ini
[10/04/2007|18:33] C:\DOCUME~1\LATITI~1\APPLIC~1\DivX
[22/04/2007|14:24] C:\DOCUME~1\LATITI~1\APPLIC~1\Identities
[14/04/2007|13:48] C:\DOCUME~1\LATITI~1\APPLIC~1\Macromedia
[19/04/2007|20:13] C:\DOCUME~1\LATITI~1\APPLIC~1\Microsoft
[15/04/2007|22:15] C:\DOCUME~1\LATITI~1\APPLIC~1\Mozilla
[16/04/2007|20:12] C:\DOCUME~1\LATITI~1\APPLIC~1\Screenshot Sender
[14/04/2007|20:54] C:\DOCUME~1\LATITI~1\APPLIC~1\Sun
[04/05/2007|22:56] C:\DOCUME~1\LATITI~1\APPLIC~1\vlc
[22/04/2007|14:24] C:\DOCUME~1\LATITI~1\APPLIC~1\Zylom
[06/04/2007|17:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[06/04/2007|17:01] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[19/06/2007|19:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[06/04/2007|17:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[06/04/2007|17:01] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[06/04/2007|16:57] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[27/02/2008 20:00][--ah-----] C:\WINDOWS\tasks\E457E8678E74817B.job
[27/02/2008 20:09][--ah-----] C:\WINDOWS\tasks\SA.DAT
[24/08/2001 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[27/02/2008|18:59] C:\Program Files\.
[27/02/2008|18:59] C:\Program Files\..
[06/04/2007|18:06] C:\Program Files\Adobe
[06/08/2007|19:07] C:\Program Files\Adverts
[06/04/2007|17:37] C:\Program Files\Alwil Software
[13/07/2007|15:57] C:\Program Files\Atlantis3D
[22/02/2008|03:24] C:\Program Files\Barbjunkloud
[30/01/2008|19:08] C:\Program Files\BitTorrent Fastest Tool
[23/12/2007|09:46] C:\Program Files\Circle Developement
[06/04/2007|16:55] C:\Program Files\ComPlus Applications
[23/06/2007|20:53] C:\Program Files\Datel
[06/04/2007|17:47] C:\Program Files\DivX
[27/02/2008|15:25] C:\Program Files\eMule
[06/04/2007|18:51] C:\Program Files\epson
[11/01/2008|20:50] C:\Program Files\Fichiers communs
[22/06/2007|20:00] C:\Program Files\Google
[14/02/2008|19:48] C:\Program Files\GUILD WARS
[04/09/2007|03:58] C:\Program Files\Hercules
[14/02/2008|23:10] C:\Program Files\InstallShield Installation Information
[09/01/2008|07:41] C:\Program Files\Internet Explorer
[22/08/2007|13:09] C:\Program Files\InternetGameBox
[28/07/2007|11:31] C:\Program Files\Java
[17/11/2007|06:25] C:\Program Files\Labtec
[11/01/2008|20:50] C:\Program Files\Lavasoft
[07/09/2007|21:06] C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
[17/11/2007|06:25] C:\Program Files\Logitech
[24/05/2007|02:10] C:\Program Files\Messenger
[23/12/2007|09:46] C:\Program Files\Messenger Plus! Live
[06/04/2007|17:45] C:\Program Files\MessengerPlus! 3
[06/04/2007|16:58] C:\Program Files\microsoft frontpage
[06/04/2007|17:52] C:\Program Files\Microsoft Office
[06/04/2007|17:51] C:\Program Files\Microsoft Visual Studio
[06/04/2007|17:52] C:\Program Files\Microsoft Works
[06/04/2007|17:52] C:\Program Files\Microsoft.NET
[06/04/2007|16:56] C:\Program Files\Movie Maker
[27/02/2008|20:17] C:\Program Files\Mozilla Firefox
[06/04/2007|20:05] C:\Program Files\MSN
[06/04/2007|16:54] C:\Program Files\MSN Gaming Zone
[23/12/2007|09:46] C:\Program Files\MSN Messenger
[23/05/2007|23:31] C:\Program Files\MSXML 4.0
[08/10/2007|08:52] C:\Program Files\Multi_Media_France
[08/10/2007|08:52] C:\Program Files\MultiMedia France Toolbar
[06/04/2007|17:41] C:\Program Files\Nero
[06/04/2007|16:56] C:\Program Files\NetMeeting
[06/04/2007|16:55] C:\Program Files\Online Services
[08/08/2007|21:58] C:\Program Files\Outerinfo
[14/06/2007|02:08] C:\Program Files\Outlook Express
[07/09/2007|20:55] C:\Program Files\Realtek
[14/02/2008|23:10] C:\Program Files\Samsung
[19/10/2007|21:04] C:\Program Files\Secured eMule
[11/01/2008|20:30] C:\Program Files\Secured_eMule
[06/04/2007|16:56] C:\Program Files\Services en ligne
[06/04/2007|18:49] C:\Program Files\Smart Panel
[27/02/2008|19:00] C:\Program Files\Trend Micro
[06/04/2007|17:27] C:\Program Files\Uninstall Information
[07/09/2007|20:55] C:\Program Files\VIA
[04/05/2007|22:55] C:\Program Files\VideoLAN
[10/06/2007|07:08] C:\Program Files\Windows Live
[04/05/2007|22:08] C:\Program Files\Windows Media Connect 2
[07/10/2007|15:56] C:\Program Files\Windows Media Player
[06/04/2007|16:54] C:\Program Files\Windows NT
[06/04/2007|16:56] C:\Program Files\WindowsUpdate
[02/07/2007|00:09] C:\Program Files\WinRAR
[06/04/2007|16:58] C:\Program Files\xerox
[22/11/2007|21:30] C:\Program Files\Zango
[23/05/2007|22:08] C:\Program Files\Zylom Games
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[11/01/2008|20:50] C:\Program Files\Fichiers communs\.
[11/01/2008|20:50] C:\Program Files\Fichiers communs\..
[23/08/2007|10:52] C:\Program Files\Fichiers communs\Adobe
[06/04/2007|17:42] C:\Program Files\Fichiers communs\Ahead
[06/04/2007|17:52] C:\Program Files\Fichiers communs\DESIGNER
[06/04/2007|18:15] C:\Program Files\Fichiers communs\InstallShield
[14/04/2007|20:53] C:\Program Files\Fichiers communs\Java
[07/04/2007|20:21] C:\Program Files\Fichiers communs\Labtec
[17/11/2007|06:26] C:\Program Files\Fichiers communs\LogiShrd
[06/04/2007|17:52] C:\Program Files\Fichiers communs\Microsoft Shared
[06/04/2007|16:56] C:\Program Files\Fichiers communs\MSSoap
[06/04/2007|18:50] C:\Program Files\Fichiers communs\ODBC
[06/04/2007|16:56] C:\Program Files\Fichiers communs\Services
[06/04/2007|18:50] C:\Program Files\Fichiers communs\SpeechEngines
[14/06/2007|02:02] C:\Program Files\Fichiers communs\System
[11/01/2008|20:19] C:\Program Files\Fichiers communs\Teleca Shared
[11/01/2008|20:50] C:\Program Files\Fichiers communs\Wise Installation Wizard
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\bis1.exe
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf\Book log.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Htm Support Bait Deaf\Support Mode.exe
C:\Program Files\Adverts
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\Program Files\Multi_Media_France
C:\Program Files\Multi_Media_France\INSTALL.LOG
C:\WINDOWS\Tasks\E457E8678E74817B.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bait deaf idle setup"="C:\\Documents and Settings\\All Users\\Application Data\\Htm Support Bait Deaf\\Book log.exe"
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts MODIFIE
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD
-> 72 ( 70 ## added by CiD )
/!\ 1 Not 127.0.0.1 !!
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 20:35:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\emwfsppto_navps.dat
C:\WINDOWS\system32\emwfsppto.exe
C:\WINDOWS\system32\emwfsppto.dat
C:\WINDOWS\system32\emwfsppto_nav.dat
! EGDACCESS !
C:\WINDOWS\system32\abeeg.ini2
! VUNDO Possible !
/!\ [Fich:11045][Doss:74] C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp
/!\ [Fich:1961][Doss:0] C:\DOCUME~1\FRANOI~1\Cookies
/!\ [Fich:16042][Doss:32] C:\DOCUME~1\FRANOI~1\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 20:36:41,42 ]----------------------
le rapport de BTFix
BTFix 1.081 (par bibi26) - 27/02/2008 20:44:08 - Analyse
Lancé depuis C:\Documents and Settings\françoise\Bureau\BTFix\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
- C:\Program Files\Zango\
- C:\Program Files\Mozilla Firefox\components\npclntax.xpt
- C:\Program Files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
- C:\Documents and Settings\françoise\Application Data\Zango\
- C:\Documents and Settings\All Users\Application Data\ZangoSA\
- C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\
- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Zango\
---> Analyse terminée
je clic sur nettoyer??
Re,
Et ben ça en fait des infection, tu n'y es pas allé de main morte !
Egdaccess, Lop, Vundo etc ..
Relance Lop S&D
- Choisis cette fois ci l'Option 2 ( Suppression )
- Ne ferme pas la fenêtre lors de la suppression !
- Poste le rapport généré ( C:\lopR.txt )
(Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide)
*****
Télécharge OTMoveIt > Tuto <
Sauvegarde-le sur le Bureau
Séléctionne l'encadré ci-dessous
C:\DOCUME~1\FRANOI~1\APPLIC~1\Barbjunkloud
|
Lance maintenant OTMoveIt .
Assure toi que la case unregister dll’s and ocx’s soit cochée.
Deux cadres apparaissent , clique droit sur le cadre de gauche , puis colle l'encadré ci desssus.
Et clique sur Movelt !
Si le programme te demande de redemarrer, accepte.
Poste le rapport qui se trouve dans : C:\_OTMoveIt\MovedFiles\date de création!
NOTE : Si tu obtiens un message comme quoi le rapport ne peut pas être créé, copie/colle ce qui apparaît dans la colonne droite de l’outil.
Répondre à XmichouX
voici copie de rapport:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:19, on 01/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Medion Info Display\MdionLCM.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\medion\WCESCOMM.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail [...] fr&.src=ym
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/search?source [...] fr&q=yahoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {CE86878F-D099-4FFC-A4DC-E51D192063B1} - C:\WINDOWS\system32\pmnoPjGA.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MedionVFD] "C:\Program Files\Medion Info Display\MdionLCM.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PDUiP6210DMon] C:\Program Files\Canon\Memory Card Utility\iP6210D\PDUiP6210DMon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCReye.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\medion\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [yawtesgq] c:\documents and settings\philippe\local settings\application data\yawtesgq.exe yawtesgq
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - c:\medion\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\medion\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - c:\medion\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9731383765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 1096353671
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O20 - Winlogon Notify: pmnoPjGA - C:\WINDOWS\SYSTEM32\pmnoPjGA.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - http://www.eurowebcar.com/images/v [...] aliber.jpg
O24 - Desktop Component 1: (no name) - http://mecanic.fr/potd/images/33.jpg
--
End of file - 10864 bytes
Il y a 415 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
