Sujet Précédent Sujet Suivant

Trojan generic

Résolu
cosmos2412 Messages postés 43 Statut Membre -  
cosmos2412 Messages postés 43 Statut Membre -
Bonjour,

J'ai un virus trojan generic et j'ai besoin d'aide.....
merci de me répondre
Nathalie
A voir également:

54 réponses

Précédent
Réponse 21 / 54
cosmos2412 Messages postés 43 Statut Membre
 
[C:\WINDOWS\system32\winchat.exe] 2A99260794224489F29B628717B7947E
[C:\WINDOWS\system32\WinFXDocObj.exe] CB61F20255C666E59F076247203D8496
[C:\WINDOWS\system32\winhlp32.exe] 577624F19D0441C9111F2AF26C81E04D
[C:\WINDOWS\system32\winlogon.exe] DD73D6B9F6B4CB630CF35B438B540174
[C:\WINDOWS\system32\winmine.exe] EA682C022F7204CC8E8C9EF5DCE29356
[C:\WINDOWS\system32\winmsd.exe] 7EBF8A4B608AFB79C67F4E4A9C5885BB
[C:\WINDOWS\system32\winspool.exe] 0B4B94B78123E8035B84105BC024F9F8
[C:\WINDOWS\system32\winver.exe] 61E80B60CD30D995E80702623BE47B9D
0
Réponse 22 / 54
cosmos2412 Messages postés 43 Statut Membre
 
E
############################## [ UsbFix V3.021 # Scan ]

# User : Nathalie (Administrateurs) # NATHALIE-6C7D0C
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 23:46:03 | 19/05/2009

# Intel(R) Pentium(R) 4 CPU 3.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1229 [VPS 090519-0] 4.8.1229 [ Enabled | Updated ]
# AV : Trend Micro Internet Security 17.0.1367 [ Enabled | Updated ]
# FW : Pare-feu personnel Trend Micro[ Enabled ]5.5

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 97,65 Go (42,22 Go free) [SYSTEM] # NTFS
# D:\ # Disque fixe local # 135,22 Go (110,85 Go free) [DONNEES] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
HKCU_Main: "Start Page Redirect Cache AcceptLangs"="fr"
HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:28,56,93,74,3b,d7,c9,01
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Nathalie"
HKLM_logon: "AltDefaultUserName"="Nathalie"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: UpdateManager="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
HKLM_Run: CTHelper=CTHELPER.EXE
HKLM_Run: CTxfiHlp=CTXFIHLP.EXE
HKLM_Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: EleFunAnimatedWallpaper=
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
HKLM_Run: LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
HKLM_Run: LogitechVideoTray=C:\Program Files\Logitech\Video\LogiTray.exe
HKLM_Run: UfSeAgnt.exe="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: hpqSRMon=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: SecurDisc=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: Windows Layer=cujqgz.exe
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: OE=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: Windows Layer=cujqgz.exe
HKCU_Run: SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

################## [ Fichiers # Dossiers infectieux ]

################## [ Registre # Clés Run infectieuses ]

################## [ Registre # Mountpoints2 ]

################## [ ! Fin du rapport # UsbFix V3.021 ! ]
0
Réponse 23 / 54
cosmos2412 Messages postés 43 Statut Membre
 
slt

je ne sais pas ou parcourir pour le fichier à transmettre à Upload, ni comment virer le C\DOCUME~\NATHALIE....etc
0
Réponse 24 / 54
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)

:processes
explorer.exe
:files
C:\DOCUME~1\NATHAL~1.NAT\Mes documents\Ma musique\Gta Grand Theft Auto San Andreas Jeux Pc Complet Fr Avec Crack Cadeau Argent Juin 2005.iso
:commands
[purity]
[emptytemp]
[start explorer]

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

__________________________

remets un rapport RSIT comme déjà demandé pour etre sur qu'il ne reste rien!!!
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 54
cosmos2412 Messages postés 43 Statut Membre
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\DOCUME~1\NATHAL~1.NAT\Mes documents\Ma musique\Gta Grand Theft Auto San Andreas Jeux Pc Complet Fr Avec Crack Cadeau Argent Juin 2005.iso moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\5qy+mIxEJMZWhtVKUq7Ra9nD2FZw= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\EoqOwI5Z+SzhquPaCS9fX1DQgDU= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\xjkEY6Mq2+6DVdPPK2wPv8nY4KY= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC24D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC3C7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC518.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC589.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC73C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC7AE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\W7X4HNL0\affich-12513420-trojan-generic[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\W7X4HNL0\default[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\W7X4HNL0\InboxLight[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\MAHYUJ93\im[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\MAHYUJ93\mymsn[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\GLL2Z7TY\MsgrConfig[1].asmx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\GLL2Z7TY\MsgrConfig[2].asmx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\FZ5PR5QY\01[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\FZ5PR5QY\ADSAdClient31[1].txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\FZ5PR5QY\home[1].aspx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\FZ5PR5QY\ToastFull[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\FZ5PR5QY\ToastMini[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\4BHA4A5X\MsgrConfig[1].asmx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6d8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_ac8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05202009_152623

Files moved on Reboot...
C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\5qy+mIxEJMZWhtVKUq7Ra9nD2FZw= moved successfully.
C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\EoqOwI5Z+SzhquPaCS9fX1DQgDU= moved successfully.
C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\MessengerCache\xjkEY6Mq2+6DVdPPK2wPv8nY4KY= moved successfully.
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC24D.tmp not found!
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC3C7.tmp not found!
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC518.tmp not found!
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC589.tmp not found!
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC73C.tmp not found!
File C:\DOCUME~1\NATHAL~1.NAT\LOCALS~1\Temp\~DFC7AE.tmp not found!
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\W7X4HNL0\affich-12513420-trojan-generic[1].htm moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\W7X4HNL0\default[1].htm moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\W7X4HNL0\InboxLight[1].htm moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\MAHYUJ93\im[1].htm moved successfully.
File C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\MAHYUJ93\mymsn[1].htm not found!
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\GLL2Z7TY\MsgrConfig[1].asmx moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\GLL2Z7TY\MsgrConfig[2].asmx moved successfully.
File C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\FZ5PR5QY\01[1].htm not found!
File C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\FZ5PR5QY\ADSAdClient31[1].txt not found!
File C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\FZ5PR5QY\home[1].aspx not found!
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\FZ5PR5QY\ToastFull[1].htm moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\FZ5PR5QY\ToastMini[1].htm moved successfully.
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\4BHA4A5X\MsgrConfig[1].asmx moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_6d8.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_ac8.dat not found!
0
Réponse 26 / 54
cosmos2412 Messages postés 43 Statut Membre
 
# User : Nathalie (Administrateurs) # NATHALIE-6C7D0C
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 15:39:13 | 20/05/2009

# Intel(R) Pentium(R) 4 CPU 3.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1229 [VPS 090519-0] 4.8.1229 [ Enabled | Updated ]
# AV : Trend Micro Internet Security 17.0.1367 [ Enabled | Updated ]
# FW : Pare-feu personnel Trend Micro[ Enabled ]5.5

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 97,65 Go (42,18 Go free) [SYSTEM] # NTFS
# D:\ # Disque fixe local # 135,22 Go (110,85 Go free) [DONNEES] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
HKCU_Main: "Start Page Redirect Cache AcceptLangs"="fr"
HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:28,56,93,74,3b,d7,c9,01
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Nathalie"
HKLM_logon: "AltDefaultUserName"="Nathalie"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: UpdateManager="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
HKLM_Run: CTHelper=CTHELPER.EXE
HKLM_Run: CTxfiHlp=CTXFIHLP.EXE
HKLM_Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: EleFunAnimatedWallpaper=
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
HKLM_Run: LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
HKLM_Run: LogitechVideoTray=C:\Program Files\Logitech\Video\LogiTray.exe
HKLM_Run: UfSeAgnt.exe="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: hpqSRMon=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: SecurDisc=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: Windows Layer=cujqgz.exe
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: OE=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: Windows Layer=cujqgz.exe
HKCU_Run: SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

################## [ Fichiers # Dossiers infectieux ]

################## [ Registre # Clés Run infectieuses ]

################## [ Registre # Mountpoints2 ]

################## [ ! Fin du rapport # UsbFix V3.021 ! ]
0
Réponse 27 / 54
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
non c'est pas un rapport RSIT ...
0
Réponse 28 / 54
cosmos2412 Messages postés 43 Statut Membre
 
Pardon !!!..........voici :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Nathalie at 2009-05-21 00:26:09
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 44 GB (44%) free of 100 GB
Total RAM: 2046 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:26:28, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Mes documents\RSIT.exe
C:\Program Files\trend micro\Nathalie.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Layer] cujqgz.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Layer] cujqgz.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrvR) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
0
Réponse 29 / 54
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
sur un ordi un seul antivirus! avast ou trend micro

_________

télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)

:processes
explorer.exe
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Layer"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Layer"=-
:commands
[purity]
[emptytemp]
[start explorer]

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

_________________________

remets un rapport RSIT

____________________________

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

ps : pas besoin de m´envoyer le rapport si tout a été supprimé
0
Réponse 30 / 54
cosmos2412 Messages postés 43 Statut Membre
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Nathalie at 2009-05-21 15:32:57
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 44 GB (44%) free of 100 GB
Total RAM: 2046 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:14, on 21/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Local Settings\Temporary Internet Files\Content.IE5\DALSQJOB\OTMoveIt3[1].exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Mes documents\OTMoveIt3.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Mes documents\RSIT.exe
C:\Program Files\trend micro\Nathalie.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Layer] cujqgz.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrvR) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
0
Réponse 31 / 54
cosmos2412 Messages postés 43 Statut Membre
 
Bonjour,

Je sais bien qu'il ne faut qu'un virus sur l'ordi, mais j'avais supprimé Trendmicro (il y a longtemps !).....je ne savais même pas qu'il fonctionnait encore !!!!
J'execute les dernières consignes..........si tout va bien, merci mille fois..........
nathalie
0
Réponse 32 / 54
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok pour finir

Télécharge et install UsbFix de C_XX & Chiquitine29

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau .

# Choisis l'option 1 ( Recherche )

# Laisse travailler l'outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 33 / 54
cosmos2412 Messages postés 43 Statut Membre
 
Je vais encore abuser........Comment puis-je enlever trend micro ?....

############################## [ UsbFix V3.024 # Scan ]

# User : Nathalie (Administrateurs) # NATHALIE-6C7D0C
# Update on 21/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 22:17:15 | 21/05/2009

# Intel(R) Pentium(R) 4 CPU 3.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1229 [VPS 090520-0] 4.8.1229 [ Enabled | Updated ]
# AV : Trend Micro Internet Security 17.0.1367 [ Enabled | Updated ]
# FW : Pare-feu personnel Trend Micro[ Enabled ]5.5

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 97,65 Go (42,74 Go free) [SYSTEM] # NTFS
# D:\ # Disque fixe local # 135,22 Go (110,85 Go free) [DONNEES] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Nathalie.NATHALIE-6C7D0C\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"
HKCU_Main: "Start Page Redirect Cache AcceptLangs"="fr"
HKCU_Main: "Start Page Redirect Cache_TIMESTAMP"=hex:28,56,93,74,3b,d7,c9,01
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Nathalie"
HKLM_logon: "AltDefaultUserName"="Nathalie"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: dla=C:\WINDOWS\system32\dla\tfswctrl.exe
HKLM_Run: UpdateManager="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
HKLM_Run: ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
HKLM_Run: CTHelper=CTHELPER.EXE
HKLM_Run: CTxfiHlp=CTXFIHLP.EXE
HKLM_Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: EleFunAnimatedWallpaper=
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
HKLM_Run: LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
HKLM_Run: LogitechVideoTray=C:\Program Files\Logitech\Video\LogiTray.exe
HKLM_Run: UfSeAgnt.exe="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: hpqSRMon=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: SecurDisc=C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: Windows Layer=cujqgz.exe
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: OE=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

################## [ Fichiers # Dossiers infectieux ]

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Windows Layer"

################## [ Registre # Mountpoints2 ]

################## [ Informations ]

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.024 ! ]
0
Réponse 34 / 54
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
refais usbfix option 2 et colle le rapport

_________________

vire le fichier trend micro en allant dans :

C:\Program Files\Trend Micro

__________________
pour virer ce qui a été utilisé:

Télécharge OTCleanIt de OldTimer sur ton Bureau

Lance OTCleanIt avec un double-clic (sous Vista, lance-le en cliquant droit sur OTCleanIt.exe et en sélectionnant "exécuter en tant qu'administrateur")

Appuie sur le bouton "CleanUp!"

A la question "begin cleanup process?", réponds "YES"

A la fin de l'opération, si OTCleanIt demande de redémarrer ("Do you want to reboot now?"), ferme ce que tu es en train de faire (internet, documents divers...) et clique sur "YES":

Au redémarrage, OTCleanIt aura supprimé les outils de désinfection, et se sera même auto-détruit!

_______________________

comment va ton pc?

rq:

pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

vacciner son ordi après avoir branché toutes ses clés usb avec usbfix ou flash disinfector ou rav antivirus car beaucoup actuellement transitent par les supports externes :
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

---------
mettre un antivirus

ANTIVIR ou AVG8 ou (AVAST )
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
https://www.avira.com/fr/free-antivirus-windows
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT +/- si tea timer non active de spybot:
WINDOWS DEFENDER ou SPYWARE TERMINATOR ou SPYWARE GUARD
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

Rq : spybot … sortent de nouvelles versions régulièrement, vérifiez que vous avez la dernière version
--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/18128.html
https://www.zonealarm.com/software/free-firewall

-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/
0
Réponse 35 / 54
cosmos2412 Messages postés 43 Statut Membre
 
############################## [ UsbFix V3.024 # Cleaning ]

# User : Nathalie (Administrateurs) # NATHALIE-6C7D0C
# Update on 21/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 23:13:03 | 21/05/2009

# Intel(R) Pentium(R) 4 CPU 3.40GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1229 [VPS 090520-0] 4.8.1229 [ Enabled | Updated ]
# AV : Trend Micro Internet Security 17.0.1367 [ Enabled | Updated ]
# FW : Pare-feu personnel Trend Micro[ Enabled ]5.5

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 97,65 Go (42,77 Go free) [SYSTEM] # NTFS
# D:\ # Disque fixe local # 135,22 Go (110,85 Go free) [DONNEES] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Fichiers # Dossiers infectieux ]

################## [ Registre # Clés Run infectieuses ]

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Windows Layer"

################## [ Registre # Mountpoints2 ]

################## [ Listing des fichiers présent ]

[21/05/2009 23:11|--a------|3329] - C:\aaw7boot.log
[03/04/2008 16:17|--a------|0] - C:\AUTOEXEC.BAT
[06/05/2009 12:43|---hs----|216] - C:\boot.ini
[14/04/2008 14:00|-rahs----|4952] - C:\Bootfont.bin
[06/01/2009 22:11|--a------|74] - C:\CMLoader.log
[03/04/2008 16:17|--a------|0] - C:\CONFIG.SYS
[01/01/2009 22:59|--a------|345373] - C:\CTSUFile.txt
[17/05/2009 23:26|--a------|2056] - C:\elast.MSNFix
[31/12/2008 01:13|--a------|16] - C:\h.txt
[12/07/2008 14:20|--a------|164] - C:\install.dat
[03/04/2008 16:17|-rahs----|0] - C:\IO.SYS
[17/05/2009 16:33|--a------|5489] - C:\lats.MSNFix
[12/05/2008 00:31|--a------|4639] - C:\MP4debug.log
[03/04/2008 16:17|-rahs----|0] - C:\MSDOS.SYS
[14/04/2008 14:00|-rahs----|47564] - C:\NTDETECT.COM
[14/04/2008 14:00|-rahs----|252240] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[20/09/2008 14:42|--ah-----|268] - C:\sqmdata00.sqm
[12/11/2008 18:20|--ah-----|268] - C:\sqmdata01.sqm
[26/11/2008 21:10|--ah-----|232] - C:\sqmdata02.sqm
[20/09/2008 14:42|--ah-----|244] - C:\sqmnoopt00.sqm
[12/11/2008 18:20|--ah-----|244] - C:\sqmnoopt01.sqm
[26/11/2008 21:10|--ah-----|244] - C:\sqmnoopt02.sqm
[31/10/2005 17:56|--a------|700416] - C:\StubInstaller.exe
[01/03/2009 17:49|--a------|0] - C:\Tech_Vista.log
[21/05/2009 23:15|--a------|4320] - C:\UsbFix.txt

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ Informations ]

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !

################## [ ! Fin du rapport # UsbFix V3.024 ! ]
0
Réponse 36 / 54
cosmos2412 Messages postés 43 Statut Membre
 
hé bien la bête ronronne, tranquille.......je n'entend plus la tour essoufflée.........la navigation est rapide....que du bonheur..!!!!!!

Nathalie
0
Réponse 37 / 54
cosmos2412 Messages postés 43 Statut Membre
 
Heuuuu..........Avast vient à l'instant de m'avertir de la présence d'un trojan generic !!!!!!!!.........
0
Réponse 38 / 54
cosmos2412 Messages postés 43 Statut Membre
 
heu................AVAST vient de m'avertir à l'instant de la présence d'un trojan generic ?

puis pour supprimer trend micro accès refusé TMBMSRU.EXE

merci !!!!!!!!
0
Réponse 39 / 54
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
utilise unlocker pour virer trend micro

http://www.commentcamarche.net/telecharger/telecharger 34055141 unlocker

colle un rapport avec avast pour voir les fichiers infectés
0
Réponse 40 / 54
cosmos2412 Messages postés 43 Statut Membre
 
ok........
0

Discussions similaires

'' generic android ''
Flxra._.Atxmics -
Flxra._.Atxmics -

2 réponses
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
J'ai supprimé un fichier IDP.generic
Fumiiko -
Malekal_morte- -

12 réponses
Virus Profile: Generic!atr.b
chantalou66 -
g3n-h@ckm@n -

8 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses