Virus Antivirus 2009
Closed
juliegil - 19 Jan 2009 at 22:47
sKe69 (21360 posts, registered Saturday 15 March 2008, Security contributor, last active 30 December 2012) - 20 Jan 2009 at 17:27
28 replies
Malwarebytes result:
Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2
20/01/2009 15:56:38
mbam-log-2009-01-20 (15-56-38).txt
Scan type: Quick Scan
Objects scanned: 74994
Time elapsed: 4 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 11
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\lobuzosi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hesudipi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\susonuno.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ducdbh.dll (Trojan.Vundo.H) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37311ed0-3b44-4e8d-a197-7c1e9e2a18f5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37311ed0-3b44-4e8d-a197-7c1e9e2a18f5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74e696fc-d4de-436a-9eb4-c71d9697d0a7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74e696fc-d4de-436a-9eb4-c71d9697d0a7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37311ed0-3b44-4e8d-a197-7c1e9e2a18f5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f897f82d (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmfba4cbb1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zegotukata (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\hesudipi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\hesudipi.dll -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ducdbh.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lobuzosi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\isozubol.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\hesudipi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\susonuno.dll (Trojan.Vundo.H) -> Delete on reboot.
sKe69 (Security contributor) - 20 Jan 2009 at 15:57
OK ...
A new RSIT report (log.txt) now, please ....
Here is the log.txt report:
Logfile of random's system information tool 1.05 (written by random/random)
Run by JBT at 2009-01-20 16:22:09
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 12 GB (42%) free of 30 GB
Total RAM: 998 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:16, on 20/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JBT\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\JBT\Bureau\RSIT.exe
C:\Program Files\trend micro\JBT.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2387A977-6829-4104-BDED-F56F58B530F0} - (no file)
O2 - BHO: (no name) - {74e696fc-d4de-436a-9eb4-c71d9697d0a7} - C:\WINDOWS\system32\yesileya.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [zegotukata] Rundll32.exe "C:\WINDOWS\system32\roredopu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [zegotukata] Rundll32.exe "C:\WINDOWS\system32\roredopu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [zegotukata] Rundll32.exe "C:\WINDOWS\system32\roredopu.dll",s (User 'SERVICE RÉSEAU')
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ig-a.com
O17 - HKLM\Software\..\Telephony: DomainName = ig-a.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ig-a.com
O20 - AppInit_DLLs: c:\windows\system32\kofipulo.dll c:\windows\system32\bizoyuza.dll c:\windows\system32\gatotafi.dll C:\WINDOWS\system32\wivevevi.dll C:\WINDOWS\system32\yuwowijo.dll ducdbh.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
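What makes the O2/O4/O20 entries in the log above stand out is less the file names than where they sit: a Run value that launches a DLL through Rundll32.exe (repeated in the LOCAL SERVICE and NETWORK SERVICE hives), a BHO with no display name whose file is already missing, and an AppInit_DLLs value listing six DLLs, which Windows loads into every process that maps user32.dll. The following is an added example written for this thread, not HijackThis code and not the helper's procedure: it scores each of those lines. The sample lines are copied from the log above; the weights, the threshold and the name heuristic are this example's own assumptions.

```python
"""Triage HijackThis O2/O4/O20 lines for the persistence pattern seen in the log above.

Added example for this thread; it is not HijackThis code and not the helper's
procedure. The sample lines are copied from the RSIT/HijackThis log posted
above. The weights and the name heuristic are this example's own assumptions.
"""
import re

VOWELS = set("aeiou")
FILE_RE = re.compile(r'[^"\s\[\]]+\.(?:dll|exe)\b', re.I)    # paths or bare file names
VALUE_NAME_RE = re.compile(r"\[([^\]]+)\]")                  # O4 "[value name]"
SERVICE_HIVE_RE = re.compile(r"HKUS\\S-1-5-(?:18|19|20)\\")   # SYSTEM / LOCAL / NETWORK SERVICE
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.I)
THRESHOLD = 2  # a name match alone (+1) never flags an entry

# Excerpt of the HijackThis log above (the O2, O4 and O20 entries).
HJT_LINES = [
    r"O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {2387A977-6829-4104-BDED-F56F58B530F0} - (no file)",
    r"O2 - BHO: (no name) - {74e696fc-d4de-436a-9eb4-c71d9697d0a7} - C:\WINDOWS\system32\yesileya.dll (file missing)",
    r"O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKLM\..\Run: [zegotukata] Rundll32.exe "C:\WINDOWS\system32\roredopu.dll",s',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"""O4 - HKUS\S-1-5-19\..\Run: [zegotukata] Rundll32.exe "C:\WINDOWS\system32\roredopu.dll",s (User 'SERVICE LOCAL')""",
    r"O20 - AppInit_DLLs: c:\windows\system32\kofipulo.dll c:\windows\system32\bizoyuza.dll c:\windows\system32\gatotafi.dll C:\WINDOWS\system32\wivevevi.dll C:\WINDOWS\system32\yuwowijo.dll ducdbh.dll",
    r"O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)",
]


def looks_generated(name):
    """6-10 lowercase letters strictly alternating consonant/vowel, e.g. 'roredopu',
    'zegotukata'. Tuned to the name generator visible in this log; 'ducdbh' style
    names are missed and a legitimate name such as 'setupapi' matches, so this is
    supporting evidence only."""
    if not (6 <= len(name) <= 10 and name.isalpha() and name.islower()):
        return False
    return all((c in VOWELS) == (i % 2 == 1) for i, c in enumerate(name))


def basenames(line):
    """File names (directory stripped) referenced by one HijackThis line."""
    return {m.rsplit("\\", 1)[-1] for m in FILE_RE.findall(line)}


def score_line(line):
    """Return (score, reasons, generated_names) for one O2/O4/O20 line."""
    reasons = []
    if line.startswith("O20 - AppInit_DLLs:") and basenames(line):
        reasons.append((2, "AppInit_DLLs is populated: these DLLs load into every process that maps user32.dll"))
    if RUNDLL_RE.search(line):
        reasons.append((2, "autorun through rundll32: a signed Windows host runs an arbitrary DLL export"))
    if SERVICE_HIVE_RE.search(line):
        reasons.append((1, "Run value under a service-account hive, where user software has no business"))
    if "(no name)" in line:
        reasons.append((1, "BHO registered without a display name"))
    if "(file missing)" in line or "(no file)" in line:
        reasons.append((1, "registration points at a file that is gone (partial cleanup or self-deleting dropper)"))
    names = {n.rsplit(".", 1)[0] for n in basenames(line)} | set(VALUE_NAME_RE.findall(line))
    generated = sorted(n for n in names if looks_generated(n))
    if generated:
        reasons.append((1, "machine-generated looking name(s): " + ", ".join(generated)))
    return sum(w for w, _ in reasons), [text for _, text in reasons], generated


def triage(lines, threshold=THRESHOLD):
    """Entries scoring at or above the threshold, highest score first."""
    findings = []
    for line in lines:
        score, reasons, generated = score_line(line)
        if score >= threshold:
            findings.append({"line": line, "score": score, "reasons": reasons, "names": generated})
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(HJT_LINES):
        print(f"[{f['score']}] {f['line'][:90]}")
        for r in f["reasons"]:
            print("      -", r)
```

Run as-is it flags five of the ten lines and leaves the Adobe, Java, Avira, ctfmon and ACNotify entries alone; the dangling ACNotify.dll registration scores 1 for the missing file and nothing else. The design choice worth keeping is that the name pattern, which the next build of the same family can change, only supports a finding, while the load mechanism (a populated AppInit_DLLs, a rundll32 autorun) is what carries it.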
sKe69 (Security contributor) - 20 Jan 2009 at 16:42
Good ...
Try this:
1- Download OTMoveIt3 (by Old_Timer) to your Desktop.
http://oldtimer.geekstogo.com/OTMoveIt3.exe
! Disconnect from the internet and close all running applications !
Double-click "OTMoveIt3.exe" to open the program.
Then copy what is in the quote below,

:Processes
explorer.exe
:Services
FAJFXGL
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2387A977-6829-4104-BDED-F56F58B530F0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74e696fc-d4de-436a-9eb4-c71d9697d0a7}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"zegotukata"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
:Files
C:\WINDOWS\tasks\akgqgdql.job
C:\WINDOWS\system32\gatosisu.dll
C:\WINDOWS\system32\wivevevi.dll
C:\WINDOWS\system32\yuwowijo.dll
C:\WINDOWS\system32\hnhlml.dll
C:\WINDOWS\system32\jhshri.dll
C:\WINDOWS\system32\zxceqz.dll
C:\WINDOWS\system32\mpegmkjy.ini
C:\WINDOWS\system32\nsmxqi.dll
C:\WINDOWS\system32\uvrikkqs.dll
C:\WINDOWS\system32\cocnla.dll
C:\WINDOWS\system32\podrtrgb.dll
C:\WINDOWS\system32\uwhbewwn.ini
C:\WINDOWS\system32\iqwcgaap.dll
C:\WINDOWS\system32\djhvaz.dll
C:\WINDOWS\system32\iohrtt.dll
C:\WINDOWS\system32\pvfwtqew.dll
C:\WINDOWS\system32\nlxootte.ini
C:\WINDOWS\system32\rboidfkw.ini
C:\WINDOWS\system32\winsrc.dll.tmp
C:\WINDOWS\system32\bnqbeaug.ini
C:\WINDOWS\system32\f3b43c53-.txt
C:\WINDOWS\system32\vEggNqru.ini2
C:\WINDOWS\system32\vEggNqru.ini
C:\WINDOWS\system32\osituzov.ini
C:\WINDOWS\system32\ofosojay.ini
C:\WINDOWS\system32\ewapizem.ini
C:\WINDOWS\system32\etogifil.ini
C:\WINDOWS\system32\mopazazi.dll
C:\WINDOWS\system32\yeruduki.dll
C:\WINDOWS\system32\yazeriza.dll
C:\WINDOWS\system32\zewobihu.dll
C:\WINDOWS\system32\wezavova.dll
:Commands
[purity]
[emptytemp]
[Reboot]

and paste it into the left-hand pane of OTMoveIt3:
Paste Instructions for items to be moved.
(do not touch anything else!)
-> click MoveIt! to start the removal.
-> let the tool work ...
(Note: your desktop will disappear and then reappear, this is normal.)
-> once it has finished, a small window opens: click "Yes".
Your PC will restart by itself ...
--> Post the contents of the report found in the folder "C:\_OTMoveIt\MovedFiles"
("xxxx2008_xxxxxx.log", where the "x"s correspond to the day and time of use).
=========================
2- Run another RSIT scan, post the new "log.txt" and wait for the next step ...
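Before pasting a removal script like the one above, the check a practitioner wants is that every file the flagged entries still point at is actually in the :Files section, since the :Reg section only removes the pointers. The following is an added example for this thread, not OTMoveIt code and not the helper's own check: it parses the script into its sections and compares it with the three HijackThis entries that :Reg unregisters. The script text and the entries are copied from the posts above; the rule applied (a DLL a flagged entry still names should be moved, unless the log already marks it missing) is this example's assumption.

```python
"""Check an OTMoveIt3 script against the HijackThis entries it is meant to clean.

Added example for this thread; it is not OTMoveIt code and not the helper's own
check. The script and the three HijackThis entries are copied from the posts
above; the rule (every DLL a flagged entry still points at should be in :Files)
is this example's own assumption.
"""
import re

OTM_SCRIPT = r"""
:Processes
explorer.exe
:Services
FAJFXGL
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2387A977-6829-4104-BDED-F56F58B530F0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74e696fc-d4de-436a-9eb4-c71d9697d0a7}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"zegotukata"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
:Files
C:\WINDOWS\tasks\akgqgdql.job
C:\WINDOWS\system32\gatosisu.dll
C:\WINDOWS\system32\wivevevi.dll
C:\WINDOWS\system32\yuwowijo.dll
C:\WINDOWS\system32\hnhlml.dll
C:\WINDOWS\system32\jhshri.dll
C:\WINDOWS\system32\zxceqz.dll
C:\WINDOWS\system32\mpegmkjy.ini
C:\WINDOWS\system32\nsmxqi.dll
C:\WINDOWS\system32\uvrikkqs.dll
C:\WINDOWS\system32\cocnla.dll
C:\WINDOWS\system32\podrtrgb.dll
C:\WINDOWS\system32\uwhbewwn.ini
C:\WINDOWS\system32\iqwcgaap.dll
C:\WINDOWS\system32\djhvaz.dll
C:\WINDOWS\system32\iohrtt.dll
C:\WINDOWS\system32\pvfwtqew.dll
C:\WINDOWS\system32\nlxootte.ini
C:\WINDOWS\system32\rboidfkw.ini
C:\WINDOWS\system32\winsrc.dll.tmp
C:\WINDOWS\system32\bnqbeaug.ini
C:\WINDOWS\system32\f3b43c53-.txt
C:\WINDOWS\system32\vEggNqru.ini2
C:\WINDOWS\system32\vEggNqru.ini
C:\WINDOWS\system32\osituzov.ini
C:\WINDOWS\system32\ofosojay.ini
C:\WINDOWS\system32\ewapizem.ini
C:\WINDOWS\system32\etogifil.ini
C:\WINDOWS\system32\mopazazi.dll
C:\WINDOWS\system32\yeruduki.dll
C:\WINDOWS\system32\yazeriza.dll
C:\WINDOWS\system32\zewobihu.dll
C:\WINDOWS\system32\wezavova.dll
:Commands
[purity]
[emptytemp]
[Reboot]
"""

# The entries whose registrations the :Reg section above removes (from the HijackThis log).
HJT_FLAGGED = [
    r"O2 - BHO: (no name) - {74e696fc-d4de-436a-9eb4-c71d9697d0a7} - C:\WINDOWS\system32\yesileya.dll (file missing)",
    r'O4 - HKLM\..\Run: [zegotukata] Rundll32.exe "C:\WINDOWS\system32\roredopu.dll",s',
    r"O20 - AppInit_DLLs: c:\windows\system32\kofipulo.dll c:\windows\system32\bizoyuza.dll c:\windows\system32\gatotafi.dll C:\WINDOWS\system32\wivevevi.dll C:\WINDOWS\system32\yuwowijo.dll ducdbh.dll",
]

DLL_RE = re.compile(r'([^\\\s"]+\.dll)\b', re.I)   # basename of every .dll a line mentions


def parse_otm(script):
    """Split an OTMoveIt3 script into its ':Section' blocks, e.g. {'files': [...]}."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, script.splitlines())):
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def referenced_dlls(hjt_lines):
    """{dll basename: True if the log shows it on disk, False if '(file missing)'}."""
    refs = {}
    for line in hjt_lines:
        for name in DLL_RE.findall(line):
            refs[name.lower()] = "(file missing)" not in line
    return refs


def uncovered(script, hjt_lines):
    """DLLs a flagged entry still points at that the :Files section does not move."""
    moved = {p.rsplit("\\", 1)[-1].lower() for p in parse_otm(script).get("files", [])}
    return sorted(n for n, present in referenced_dlls(hjt_lines).items() if present and n not in moved)


if __name__ == "__main__":
    for name in uncovered(OTM_SCRIPT, HJT_FLAGGED):
        print("referenced by a flagged entry but not in :Files:", name)
```

Against the script above it lists roredopu.dll (the rundll32 target) and four of the six AppInit_DLLs entries (bizoyuza, ducdbh, gatotafi, kofipulo) as referenced but not moved; yesileya.dll is skipped because the log already shows it missing. Whether those files are still on disk is something only the follow-up scan can show (Malwarebytes had scheduled ducdbh.dll for deletion on reboot), so the output is a checklist for the next log.txt, not proof that the script missed anything.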
The MoveIt result:
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service FAJFXGL stopped successfully.
Service FAJFXGL deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2387A977-6829-4104-BDED-F56F58B530F0}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74e696fc-d4de-436a-9eb4-c71d9697d0a7}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zegotukata deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLS deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\akgqgdql.job moved successfully.
File/Folder C:\WINDOWS\system32\gatosisu.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wivevevi.dll
C:\WINDOWS\system32\wivevevi.dll NOT unregistered.
C:\WINDOWS\system32\wivevevi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yuwowijo.dll
C:\WINDOWS\system32\yuwowijo.dll NOT unregistered.
C:\WINDOWS\system32\yuwowijo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\hnhlml.dll
C:\WINDOWS\system32\hnhlml.dll NOT unregistered.
C:\WINDOWS\system32\hnhlml.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jhshri.dll
C:\WINDOWS\system32\jhshri.dll NOT unregistered.
C:\WINDOWS\system32\jhshri.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\zxceqz.dll
C:\WINDOWS\system32\zxceqz.dll NOT unregistered.
C:\WINDOWS\system32\zxceqz.dll moved successfully.
C:\WINDOWS\system32\mpegmkjy.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nsmxqi.dll
C:\WINDOWS\system32\nsmxqi.dll NOT unregistered.
C:\WINDOWS\system32\nsmxqi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\uvrikkqs.dll
C:\WINDOWS\system32\uvrikkqs.dll NOT unregistered.
C:\WINDOWS\system32\uvrikkqs.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\cocnla.dll
C:\WINDOWS\system32\cocnla.dll NOT unregistered.
C:\WINDOWS\system32\cocnla.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\podrtrgb.dll
C:\WINDOWS\system32\podrtrgb.dll NOT unregistered.
C:\WINDOWS\system32\podrtrgb.dll moved successfully.
C:\WINDOWS\system32\uwhbewwn.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iqwcgaap.dll
C:\WINDOWS\system32\iqwcgaap.dll NOT unregistered.
C:\WINDOWS\system32\iqwcgaap.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\djhvaz.dll
C:\WINDOWS\system32\djhvaz.dll NOT unregistered.
C:\WINDOWS\system32\djhvaz.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\iohrtt.dll
C:\WINDOWS\system32\iohrtt.dll NOT unregistered.
C:\WINDOWS\system32\iohrtt.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\pvfwtqew.dll
C:\WINDOWS\system32\pvfwtqew.dll NOT unregistered.
C:\WINDOWS\system32\pvfwtqew.dll moved successfully.
C:\WINDOWS\system32\nlxootte.ini moved successfully.
C:\WINDOWS\system32\rboidfkw.ini moved successfully.
C:\WINDOWS\system32\winsrc.dll.tmp moved successfully.
C:\WINDOWS\system32\bnqbeaug.ini moved successfully.
C:\WINDOWS\system32\f3b43c53-.txt moved successfully.
C:\WINDOWS\system32\vEggNqru.ini2 moved successfully.
C:\WINDOWS\system32\vEggNqru.ini moved successfully.
C:\WINDOWS\system32\osituzov.ini moved successfully.
C:\WINDOWS\system32\ofosojay.ini moved successfully.
C:\WINDOWS\system32\ewapizem.ini moved successfully.
C:\WINDOWS\system32\etogifil.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mopazazi.dll
C:\WINDOWS\system32\mopazazi.dll NOT unregistered.
C:\WINDOWS\system32\mopazazi.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yeruduki.dll
C:\WINDOWS\system32\yeruduki.dll NOT unregistered.
C:\WINDOWS\system32\yeruduki.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yazeriza.dll
C:\WINDOWS\system32\yazeriza.dll NOT unregistered.
C:\WINDOWS\system32\yazeriza.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\zewobihu.dll
C:\WINDOWS\system32\zewobihu.dll NOT unregistered.
C:\WINDOWS\system32\zewobihu.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wezavova.dll
C:\WINDOWS\system32\wezavova.dll NOT unregistered.
C:\WINDOWS\system32\wezavova.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JBT\LOCALS~1\Temp\etilqs_CDLxAojKpv7djo40OKlP scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_300.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01202009_170533
Files moved on Reboot...
File C:\DOCUME~1\JBT\LOCALS~1\Temp\etilqs_CDLxAojKpv7djo40OKlP not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_300.dat not found!
C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\JBT\Local Settings\Application Data\Mozilla\Firefox\Profiles\7llgtlkh.default\XUL.mfl moved successfully.
and here is the result from log.txt:
Logfile of random's system information tool 1.05 (written by random/random)
Run by JBT at 2009-01-20 17:10:57
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 13 GB (42%) free of 30 GB
Total RAM: 998 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:01, on 20/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\JBT\Bureau\RSIT.exe
C:\Program Files\trend micro\JBT.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {74e696fc-d4de-436a-9eb4-c71d9697d0a7} - C:\WINDOWS\system32\yesileya.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [zegotukata] Rundll32.exe "C:\WINDOWS\system32\roredopu.dll",s
O4 - HKLM\..\Run: [CPMfba4cbb1] Rundll32.exe "C:\WINDOWS\system32\zewobihu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [zegotukata] Rundll32.exe "C:\WINDOWS\system32\roredopu.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [zegotukata] Rundll32.exe "C:\WINDOWS\system32\roredopu.dll",s (User 'SERVICE RÉSEAU')
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ig-a.com
O17 - HKLM\Software\..\Telephony: DomainName = ig-a.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ig-a.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\yuwowijo.dll c:\windows\system32\yeruduki.dll c:\windows\system32\zewobihu.dll,C:\WINDOWS\system32\wivevevi.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zewobihu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zewobihu.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
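As an added illustration (not a tool from this thread, and not code by its participants): the HijackThis entries that the OTMoveIt script above removed share a few patterns a defender can check mechanically, namely a populated AppInit_DLLs value, Run entries that start Rundll32 on a randomly named system32 DLL, a nameless BHO whose file is missing, SSODL/SharedTaskScheduler hooks left dangling, and one DLL registered under several hooks at once. The Python script below, written for this page, runs those checks over a constructed sample made of lines copied from the log above; the rule names and the `Finding` type are its own inventions, not HijackThis terminology.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis v2.0.2 log posted in this
# thread (Vundo-infected Windows XP SP2 machine), plus benign lines for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {74e696fc-d4de-436a-9eb4-c71d9697d0a7} - C:\WINDOWS\system32\yesileya.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [zegotukata] Rundll32.exe "C:\WINDOWS\system32\roredopu.dll",s
O4 - HKLM\..\Run: [CPMfba4cbb1] Rundll32.exe "C:\WINDOWS\system32\zewobihu.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\yuwowijo.dll c:\windows\system32\yeruduki.dll c:\windows\system32\zewobihu.dll,C:\WINDOWS\system32\wivevevi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zewobihu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\zewobihu.dll (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
""".strip()

# "<drive>:\windows\system32\<name>.dll": Vundo dropped its components there under random names.
SYSTEM32_DLL = re.compile(r"[a-z]:\\windows\\system32\\([a-z0-9]+)\.dll", re.IGNORECASE)
# Rundll32 autorun with a one-letter export, e.g.  Rundll32.exe "C:\...\x.dll",s
RUNDLL32_ENTRY = re.compile(r'Rundll32\.exe\s+"?([^"]+\.dll)"?,(\w+)', re.IGNORECASE)

# Sections of a HijackThis log that register code to be loaded at logon / in every process.
LOAD_POINT_TAGS = ("O2", "O4", "O20", "O21", "O22")


@dataclass(frozen=True)
class Finding:
    line_no: int   # 0 for a finding derived from several lines
    rule: str      # hypothetical rule name, specific to this script
    detail: str


def system32_dlls(text: str) -> list[str]:
    """Lower-cased base names of every system32 DLL referenced in `text`."""
    return [m.group(1).lower() for m in SYSTEM32_DLL.finditer(text)]


def triage(log_text: str) -> list[Finding]:
    """Flag the persistence patterns seen in this thread's HijackThis log."""
    findings: list[Finding] = []
    hooks: dict[str, set[str]] = {}   # dll base name -> sections it is registered under

    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        tag = line.split(" - ", 1)[0]           # "O2", "O4", "O20", ...
        last_field = line.split(" - ")[-1]      # usually the file path

        if tag == "O20" and "AppInit_DLLs:" in line:
            # Anything listed here is injected into every process that loads user32.dll;
            # on a workstation the value should be empty.
            findings.append(Finding(n, "appinit_dlls", ", ".join(system32_dlls(line))))
        elif tag == "O4":
            m = RUNDLL32_ENTRY.search(line)
            if m and SYSTEM32_DLL.search(m.group(1)):
                findings.append(Finding(n, "rundll32_autorun",
                                        f"{m.group(1)} export '{m.group(2)}'"))
        elif tag == "O2" and "(no name)" in line and "(file missing)" in line:
            # Registration survived even though the DLL is gone: still needs removal.
            findings.append(Finding(n, "orphan_bho", last_field))
        elif tag in ("O21", "O22") and "(file missing)" in line:
            findings.append(Finding(n, "dangling_shell_hook", last_field))

        if tag in LOAD_POINT_TAGS:
            for dll in system32_dlls(line):
                hooks.setdefault(dll, set()).add(tag)

    # One DLL registered under several load points is the strongest signal in the log.
    for dll, tags in sorted(hooks.items()):
        if len(tags) > 1:
            ordered = ", ".join(sorted(tags, key=lambda t: int(t[1:])))
            findings.append(Finding(0, "multi_hook_dll", f"{dll}.dll registered under {ordered}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2}  {f.rule:<20} {f.detail}")
```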
sKe69 (security contributor), 20 January 2009 at 17:10
Well... that landed a blow on Vundo's head, but it is still holding on...
Run CCleaner again (registry included).
Then try this again please:
Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close your running applications (including your browser) and DISABLE ALL YOUR DEFENSES (antivirus, anti-spyware guard, firewall) for the duration of the procedure:
if they are active, they could seriously interfere with the tool's scanning and cleaning procedure (or even crash the PC)... So you will re-enable them afterwards!!
---> Important: if you run into difficulties at this point, let me know before continuing...
Tutorial (help) here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note: on XP, be sure to install the Windows Recovery Console as described in the tutorial above...
---------------------------------------------------------------------------------------------------------------------------------
Then:
double-click the "combofix.exe" icon to launch the tool.
Press the Y (Yes) key to start the scan.
Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
-> The PC may restart on its own (to finish the cleaning); let it do so.
-> If the tool tells you: "combofix has detected the presence of a rootkit and needs to restart your machine", accept...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and nothing else! otherwise there will be no report...)
The report will be created here: C:\Combofix.txt
Make sure to re-enable your defenses.
Post the ComboFix report for analysis...
sKe69 (security contributor), 20 January 2009 at 17:27
Try launching it in Safe Mode to see:
/!\ Never boot into Safe Mode via MSCONFIG /!\
How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (not Administrator).
warning: no internet connection is possible in Safe Mode, so copy or print the procedure to avoid mistakes...
Then:
double-click the "combofix.exe" icon to launch the tool.
Press the Y (Yes) key to start the scan.
Important notes:
-> do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
-> The PC may restart on its own (to finish the cleaning); let it do so.
-> If the tool tells you: "combofix has detected the presence of a rootkit and needs to restart your machine", accept...
-> if a Windows error message appears at some point: click the red cross at the top right of the window to close it (and nothing else! otherwise there will be no report...)
Restart the PC manually if it has not done so automatically after the scan.
The report will be created here: C:\Combofix.txt
Post it for analysis please...