Virus on my laptop

Closed
superman1221 Posts 128 Registration date Wednesday 11 February 2009 Status Member Last seen 4 June 2012 - 19 May 2009 at 18:58
superman1221 Posts 128 Registration date Wednesday 11 February 2009 Status Member Last seen 4 June 2012 - 22 May 2009 at 23:22
Hello,

For some time now my laptop has become very, very slow, and when I run scans with AVG it detects lots of viruses like trojan.horse... I put them in quarantine but it changes nothing, I'm sure I still have lots of viruses on my computer... What should I do? Is there a good antivirus that could help me??? Thanks

I have AVG 7.5 Free Edition
15 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
19 May 2009 at 19:02
Hi,


Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random, and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimized in the taskbar).

NB: The reports are saved in the folder C:\rsit
0
DDmaster Posts 942 Registration date Wednesday 13 May 2009 Status Member Last seen 14 April 2014 125
19 May 2009 at 19:02
0
superman1221 Posts 128 Registration date Wednesday 11 February 2009 Status Member Last seen 4 June 2012 3
19 May 2009 at 19:11
Here is the log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Anthony at 2009-05-19 13:08:35
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 56 GB (58%) free of 95 GB
Total RAM: 1022 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:08, on 2009-05-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\lphcp22j0etcp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\Anthony\Application Data\ptidle\ptidle.exe
C:\Documents and Settings\Anthony\Application Data\Twain\Twain.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\OECZFR5K\RSIT[1].exe
C:\Program Files\trend micro\Anthony.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\WWShow\WWShow.dll
O2 - BHO: (no name) - {20D6CE25-BD74-42A0-9265-CC5E83147A79} - C:\WINDOWS\system32\pmkji.dll (file missing)
O2 - BHO: (no name) - {466AEDF3-FBAF-4297-98B5-B53E6FCF5864} - C:\WINDOWS\system32\sstqr.dll (file missing)
O2 - BHO: (no name) - {475b22fe-dec1-4c09-b813-8c8e4c430813} - C:\WINDOWS\system32\wanajiru.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ECE8D5F8-0FE8-49CB-96D0-07CEDBE1C92E} - C:\WINDOWS\system32\xxyxvtt.dll (file missing)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [lphcp22j0etcp] C:\WINDOWS\system32\lphcp22j0etcp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SM3] C:\Program Files\3\3.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKLM\..\Run: [popijowazi] Rundll32.exe "C:\WINDOWS\system32\lefekeku.dll",s
O4 - HKLM\..\Run: [30ce02b2] rundll32.exe "C:\WINDOWS\system32\jibilidi.dll",b
O4 - HKLM\..\Run: [CPM33fd312e] Rundll32.exe "c:\windows\system32\nukatojo.dll",a
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Documents and Settings\Anthony\Bureau\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Dirty-AnyDVD-Loader] C:\Program Files\SlySoft\AnyDVD\^0^DRL^0^.exe
O4 - HKCU\..\Run: [D-A-L] C:\Program Files\SlySoft\AnyDVD\^0^DRL^0^.exe
O4 - HKCU\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKCU\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKCU\..\Run: [ptidle] "C:\Documents and Settings\Anthony\Application Data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Anthony\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [DigiFast] C:\Documents and Settings\Anthony\Application Data\digifast\digifast.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://www.gamespy.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1221250643180&h=ea9f223e4fa3ee1e20288e085dfce19a/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - https://www.costcophotocentre.ca/SignIn?ReturnUrl=%2fFileNotFound.htm%3faspxerrorpath%3d%2fupload%2factivex%2fv2_0_0_9%2ferror.aspx&aspxerrorpath=/upload/activex/v2_0_0_9/error.aspx
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - https://www.costcophotocentre.ca/SignIn?ReturnUrl=%2fFileNotFound.htm%3faspxerrorpath%3d%2fupload%2factivex%2fv2_0_0_10%2ferror.aspx&aspxerrorpath=/upload/activex/v2_0_0_10/error.aspx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wusorevo.dll c:\windows\system32\nukatojo.dll c:\windows\system32\pinoteye.dll
O20 - Winlogon Notify: pmkji - C:\WINDOWS\system32\pmkji.dll (file missing)
O20 - Winlogon Notify: sstqr - C:\WINDOWS\system32\sstqr.dll (file missing)
O20 - Winlogon Notify: winydp32 - winydp32.dll (file missing)
O20 - Winlogon Notify: xxyxvtt - xxyxvtt.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nukatojo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\nukatojo.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
19 May 2009 at 19:18
OK, there's work to do!!!


As for AVG, version 8 is out!!!!!!


_______________________


To clean up your traces, use

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
(in Options, then Advanced: untick the box: delete files older than 48 hours)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-----------------------

Run a QUICK scan with
MalwareByte's Anti-Malware after updating it, in normal mode, remove what is found and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

__________________

Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

[if I suspect a Bagle infection, I add:

under the name antibagle. Do this before the file is saved to the desktop]

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard)


Double-click combofix.exe and follow the instructions

At the end, it will produce a report C:\ComboFix.txt

Re-enable your firewall, your antivirus, and your antispyware's guard

Copy/paste the report C:\ComboFix.txt into your next reply.

Caution: do not use your mouse or your keyboard (or any other pointing device) while the program is running. It could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0

superman1221 Posts 128 Registration date Wednesday 11 February 2009 Status Member Last seen 4 June 2012 3
19 May 2009 at 20:04
ComboFix keeps telling me that AVG is open, but how do I close it? .. It says it's my real-time scanner ...
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
19 May 2009 at 20:24
Remove AVG completely from your computer; it's an old version anyway. We'll put AVG version 8 back afterwards, or Antivir.
0
superman1221 Posts 128 Registration date Wednesday 11 February 2009 Status Member Last seen 4 June 2012 3
19 May 2009 at 20:50
ok...

Here is Malwarebytes:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2155
Windows 5.1.2600 Service Pack 2

2009-05-19 13:43:59
mbam-log-2009-05-19 (13-43-59).txt

Type de recherche: Examen rapide
Eléments examinés: 90341
Temps écoulé: 7 minute(s), 58 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 7
Clé(s) du Registre infectée(s): 31
Valeur(s) du Registre infectée(s): 12
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 41

Processus mémoire infecté(s):
C:\Documents and Settings\Anthony\Application Data\ptidle\ptidle.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\Anthony\Application Data\Twain\Twain.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\lphcp22j0etcp.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\jibilidi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lefekeku.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wusorevo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\nukatojo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wanajiru.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\pinoteye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\WWShow\WWShow.dll (Trojan.BHO) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{475b22fe-dec1-4c09-b813-8c8e4c430813} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{475b22fe-dec1-4c09-b813-8c8e4c430813} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{475b22fe-dec1-4c09-b813-8c8e4c430813} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhct22j0etcp (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winydp32 (Dialer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.
KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_CPV.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\30ce02b2 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\popijowazi (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm33fd312e (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\twain (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcp22j0etcp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wusorevo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wusorevo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\nukatojo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\pinoteye.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\Anthony\Application Data\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\digifast (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WWShow (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Anthony\Application Data\rhct22j0etcp (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\rhct22j0etcp\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\rhct22j0etcp\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\rhct22j0etcp\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\rhct22j0etcp\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\rhct22j0etcp\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\rhct22j0etcp\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\rhct22j0etcp\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\rhct22j0etcp\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\rhct22j0etcp\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\rhct22j0etcp\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\Twain (Trojan.Matcash) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\hanuzuze.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ezuzunah.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jawegafa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\afagewaj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jibilidi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\idilibij.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kumeyoku.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ukoyemuk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lukuduni.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inudukul.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nifisito.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\otisifin.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\todorulo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olurodot.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lefekeku.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\pinoteye.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wanajiru.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wusorevo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\nukatojo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Anthony\Application Data\ptidle\ptidle.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\Twain\Twain.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\WWShow\WWShow.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prnet.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gepibura.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kavumefe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nedekaje.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pemewoma.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warekifu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zarebeba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\ptidle\ptidle.exe8d1 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\digifast\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winydp32.dll (Dialer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Anthony\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ovfsthnkiqfikcrncbxjqekcmenciomjxsmhkr.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ovfsthtrpvccrvjrvrvaxyqvbdfexuspulndrx.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthcxavmrsjslrthjfkkmxthpscqfqeweqj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthnhergpxpdkenitgfiuqcfxoqjipfonhh.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zesanido.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcp22j0etcp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcp22j0etcp.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.


and ComboFix:

ComboFix 09-05-19.04 - Anthony 2009-05-19 14:33.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.1022.463 [GMT -4:00]
Lancé depuis: c:\documents and settings\Anthony\Bureau\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\windows\system32\nukatojo.dll
c:\windows\system32\wusorevo.dll
c:\windows\system32\pinoteye.dll


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Anthony\Application Data\inst.exe
c:\documents and settings\Anthony\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Anthony\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Anthony\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\WWShow
c:\program files\WWShow\WWShow.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\CPV.stt
c:\windows\system32\dumphive.exe
c:\windows\system32\husosaza.dll
c:\windows\system32\idilibij.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\ijkmp.bak1
c:\windows\system32\ijkmp.bak2
c:\windows\system32\ijkmp.ini
c:\windows\system32\ijkmp.ini2
c:\windows\system32\ijkmp.tmp
c:\windows\system32\jibilidi.dll
c:\windows\system32\lefekeku.dll
c:\windows\system32\nfvtupyo.ini
c:\windows\system32\Process.exe
c:\windows\system32\rqtss.bak1
c:\windows\system32\rqtss.bak2
c:\windows\system32\rqtss.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wanajiru.dll
c:\windows\system32\werolime.dll
c:\windows\system32\windll32.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-19 au 2009-05-19 ))))))))))))))))))))))))))))))))))))
.

2009-05-19 18:30 . 2009-05-19 18:30 -------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2009-05-19 17:33 . 2009-05-19 17:33 -------- d-----w c:\documents and settings\Anthony\Application Data\Malwarebytes
2009-05-19 17:33 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 17:33 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 17:33 . 2009-05-19 17:33 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-19 17:33 . 2009-05-19 17:33 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 17:21 . 2009-05-19 17:21 -------- d-----w c:\program files\CCleaner
2009-05-19 17:08 . 2009-05-19 17:09 -------- d-----w c:\program files\trend micro
2009-05-19 17:08 . 2009-05-19 17:09 -------- d-----w C:\rsit
2009-05-12 19:33 . 2009-05-12 19:33 -------- d-----w c:\windows\IP Changer
2009-05-12 19:33 . 2009-05-14 01:27 -------- d-----w c:\program files\IP Changer
2009-04-29 16:38 . 2009-04-29 16:38 -------- d-----w c:\program files\Thomson
2009-04-21 22:51 . 2009-04-21 22:51 -------- d-----w C:\ConverterOutput
2009-04-21 22:51 . 2004-09-10 17:50 34820 ----a-w c:\windows\system32\ffdshow.reg
2009-04-21 22:51 . 2007-01-01 09:30 200704 ----a-w c:\windows\system32\TomsMoComp_ff.dll
2009-04-21 22:51 . 2007-03-25 04:51 114688 ----a-w c:\windows\system32\libmpeg2_ff.dll
2009-04-21 22:51 . 2007-03-25 04:51 404480 ----a-w c:\windows\system32\libmplayer.dll
2009-04-21 22:51 . 2007-03-25 04:51 3049984 ----a-w c:\windows\system32\libavcodec.dll
2009-04-21 22:51 . 2006-07-18 01:42 14909 ----a-w c:\windows\system32\A_reg.reg
2009-04-21 22:51 . 2006-09-27 21:46 348160 ----a-w c:\windows\system32\cdga.dll
2009-04-21 22:51 . 2007-06-26 22:55 364544 ----a-w c:\windows\system32\cdg.dll
2009-04-21 22:51 . 2009-04-21 22:51 -------- d-----w c:\program files\Cucusoft
2009-04-20 02:18 . 2001-07-04 00:39 3654 ----a-w c:\windows\system32\drivers\Sonyhcp.dll
2009-04-20 02:18 . 2001-11-05 13:23 299923 ----a-w c:\windows\system32\drivers\sonyhcs.sys
2009-04-20 02:18 . 2001-11-05 13:23 6097 ----a-w c:\windows\system32\drivers\sonyhcb.sys
2009-04-20 02:18 . 2001-11-05 13:23 38739 ----a-w c:\windows\system32\drivers\sonyhcc.sys
2009-04-20 02:18 . 2002-10-16 02:41 102220 ----a-w c:\windows\system32\drivers\sonypvs1.sys
2009-04-20 02:18 . 2001-07-04 00:33 53248 ----a-w c:\windows\system32\SONYHCY.DLL
2009-04-20 02:18 . 2009-04-20 02:18 -------- d-----w C:\Drivers

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 15:03 . 2008-09-16 03:30 -------- d-----w c:\program files\DNA
2009-05-19 15:02 . 2009-02-19 15:02 87552 ----a-w c:\windows\system32\pinoteye.dll.vir
2009-05-19 02:24 . 2009-02-19 02:24 87552 ----a-w c:\windows\system32\nukatojo.dll.vir
2009-05-14 01:28 . 2006-10-19 02:07 -------- d-----w c:\program files\BearShare
2009-05-07 02:43 . 2007-08-26 22:29 -------- d-----w c:\program files\LimeWire
2009-04-20 02:18 . 2006-01-16 21:58 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-17 16:45 . 2006-01-16 15:31 77440 ----a-w c:\windows\system32\perfc00C.dat
2009-04-17 16:45 . 2006-01-16 15:31 474884 ----a-w c:\windows\system32\perfh00C.dat
2009-04-10 22:15 . 2009-04-10 22:15 -------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)
2009-04-06 21:04 . 2009-04-06 21:04 -------- d-----w c:\program files\Audacity
2009-04-01 13:48 . 2009-03-30 18:43 -------- d-----w c:\program files\Universal Shield 4.2
2009-03-31 21:00 . 2009-03-30 15:21 -------- d-----w c:\program files\Everstrike Software
2009-03-30 18:18 . 2006-10-19 01:33 -------- d-----w c:\program files\MSN Messenger
2009-03-30 15:21 . 2009-03-30 15:21 -------- d-----w c:\program files\Fichiers communs\Everstrike Software
2009-03-06 14:00 . 2006-01-16 15:31 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2006-01-16 15:31 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2006-01-16 15:31 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2006-12-15 503296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2003-09-20 368640]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-17 184320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-12 282624]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"GGPN Agent"="c:\windows\Windll32\GGPN.exe" [2008-06-26 525312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-09-15 73728]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-08-03 266240]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]
"NDSTray.exe"="NDSTray.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-14 88203]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\Anthony\Menu Démarrer\Programmes\Démarrage\
Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-3-5 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-17 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\nukatojo.dll,c:\windows\system32\wusorevo.dll c:\windows\system32\pinoteye.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

.
Contenu du dossier 'Tâches planifiées'

2009-05-11 c:\windows\Tasks\Ad-Aware SE Personal.job
- c:\progra~1\Lavasoft\AD-AWA~1\Ad-Aware.exe [2006-12-19 19:22]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{20D6CE25-BD74-42A0-9265-CC5E83147A79} - (no file)
BHO-{466AEDF3-FBAF-4297-98B5-B53E6FCF5864} - (no file)
BHO-{ECE8D5F8-0FE8-49CB-96D0-07CEDBE1C92E} - (no file)
HKLM-Run-CPM33fd312e - c:\windows\system32\nukatojo.dll
ShellExecuteHooks-{ECE8D5F8-0FE8-49CB-96D0-07CEDBE1C92E} - (no file)
Notify-pmkji - c:\windows\system32\pmkji.dll
Notify-sstqr - c:\windows\system32\sstqr.dll
Notify-xxyxvtt - xxyxvtt.dll


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
IE: Chercher avec Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: antimalwareguard.com
Trusted Zone: live.com\login
Trusted Zone: msn.com\by131fd.bay131.hotmail
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} - hxxp://www.o2c.de/download/o2cplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 14:38
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-3651597601-842898512-1207849988-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2144)
c:\windows\Windll32\GGPN.007
c:\windows\Windll32\GGPN.006
c:\windows\system32\TDispVol.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Toshiba\Commandes TOSHIBA\TFncKy.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\hpzipm12.exe
c:\program files\HP\hpcoretech\comp\hpdarc.exe
.
**************************************************************************
.
Heure de fin: 2009-05-19 14:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-19 18:44

Avant-CF: 58 488 291 328 octets libres
Après-CF: 58 447 683 584 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

250 --- E O F --- 2009-05-13 14:37


On top of that, I have 3 DLLs that are causing me problems: C:\windows\system32\nukatojo.dll
C:\WINDOWS\system32\wusorevu.dll
C:\windows\system32\pinoteye.dll
0
jlpjlp Posts: 51580 Registration date: Friday 18 May 2007 Status: Security contributor Last activity: 3 May 2022 5 040
19 May 2009 at 21:24
Yes, I saw, about the 3 files!


Remove what is in quarantine in Malwarebytes

then

Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :files)

:processes
explorer.exe
:files
c:\windows\system32\nukatojo.dll
c:\windows\system32\wusorevo.dll
c:\windows\system32\pinoteye.dll
c:\windows\system32\pinoteye.dll.vir
c:\windows\system32\nukatojo.dll.vir
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
_______________________

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche (Search) and let the scan run ...
# Click Suppression (Removal) to finish.
# You can, if you wish, use the Options facultatives (optional settings).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

PS: no need to send me the report if everything was removed

_______________________


Paste the report from an online scan
using one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

________________


See you later
0
superman1221 Posts: 128 Registration date: Wednesday 11 February 2009 Status: Member Last activity: 4 June 2012 3
19 May 2009 at 22:15
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
LoadLibrary failed for c:\windows\system32\nukatojo.dll
c:\windows\system32\nukatojo.dll NOT unregistered.
c:\windows\system32\nukatojo.dll moved successfully.
LoadLibrary failed for c:\windows\system32\wusorevo.dll
c:\windows\system32\wusorevo.dll NOT unregistered.
c:\windows\system32\wusorevo.dll moved successfully.
LoadLibrary failed for c:\windows\system32\pinoteye.dll
c:\windows\system32\pinoteye.dll NOT unregistered.
c:\windows\system32\pinoteye.dll moved successfully.
File/Folder c:\windows\system32\pinoteye.dll.vir not found.
File/Folder c:\windows\system32\nukatojo.dll.vir not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\Perflib_Perfdata_710.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\Perflib_Perfdata_bc.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\Perflib_Perfdata_eb4.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF8F8F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF9211.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF92BD.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF92C9.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF9F44.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF9F52.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DFD9BD.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Anthony\LOCALS~1\Temp\~WRF0000.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\PTH44PMC\01[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\OECZFR5K\affich-12525018-virus-dans-mon-portable[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\OECZFR5K\google_ca[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\OECZFR5K\LoadSession[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\OECZFR5K\Term[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\default[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\im[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\InboxLight[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\Term[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\ToastFull[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\ToastMini[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\9DAFGQZ1\Quitter[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05192009_152750

Files moved on Reboot...
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\Perflib_Perfdata_710.dat not found!
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\Perflib_Perfdata_bc.dat not found!
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\Perflib_Perfdata_eb4.dat not found!
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF8F8F.tmp not found!
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF9211.tmp not found!
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF92BD.tmp not found!
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF92C9.tmp not found!
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF9F44.tmp not found!
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DF9F52.tmp not found!
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\~DFD9BD.tmp not found!
File C:\DOCUME~1\Anthony\LOCALS~1\Temp\~WRF0000.tmp not found!
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\PTH44PMC\01[1].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\OECZFR5K\affich-12525018-virus-dans-mon-portable[1].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\OECZFR5K\google_ca[2].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\OECZFR5K\LoadSession[1].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\OECZFR5K\Term[1].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\default[1].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\im[1].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\InboxLight[1].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\Term[1].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\ToastFull[1].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\JRPOMYWI\ToastMini[1].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\9DAFGQZ1\Quitter[1].htm moved successfully.
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.


bitdefender:

BitDefender Online Scanner

Rapport d'analyse généré à: Tue, May 19, 2009 - 16:08:33

Voie d'analyse: C:\;D:\;E:\;

Statistiques
Temps: 00:22:11
Fichiers: 148198
Directoires: 7232
Secteurs de boot: 0
Archives: 1259
Paquets programmes: 11425

Résultats
Virus identifiés: 13
Fichiers infectés: 32
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 33

Info sur les moteurs
Définition virus: 3004582
Version des moteurs: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Analyse des plugins: 17
Archive des plugins: 45
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 4

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui



Fichier analysé
Statut

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F8581E.exe=>(Quarantine-2)=>wise0025
Détecté avec: Adware.Whenu.BSR

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F8581E.exe=>(Quarantine-2)=>wise0025
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F8581E.exe=>(Quarantine-2)
Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F8581E.exe=>(Quarantine-2)=>(Embedded EXE r)=>wise0025
Détecté avec: Adware.Whenu.BSR

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F8581E.exe=>(Quarantine-2)=>(Embedded EXE r)=>wise0025
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F8581E.exe=>(Quarantine-2)=>(Embedded EXE r)
Echec de la mise à jour

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F47226C.exe=>(Quarantine-2)
Détecté avec: Adware.Whenu.BSR

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F47226C.exe=>(Quarantine-2)
Supprimé

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F47226C.exe
Supprimé

C:\Documents and Settings\Anthony\Mes documents\Nouveau dossier\Keymaker\Keymaker.exe
Infecté par: Trojan.Generic.97050

C:\Documents and Settings\Anthony\Mes documents\Nouveau dossier\Keymaker\Keymaker.exe
Supprimé

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>wise0027
Détecté avec: Adware.180solutions.AO

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>wise0027
Supprimé

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
Echec de la mise à jour

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>wise0028
Infecté par: Trojan.Generic.886992

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>wise0028
Supprimé

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
Echec de la mise à jour

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>wise0030
Détecté avec: Adware.Toolbar.Mywebsearch.I

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>wise0030
Supprimé

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
Echec de la mise à jour

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>(Embedded EXE r)=>wise0027
Détecté avec: Adware.180solutions.AO

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>(Embedded EXE r)=>wise0027
Supprimé

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>(Embedded EXE r)
Echec de la mise à jour

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>(Embedded EXE r)=>wise0028
Infecté par: Trojan.Generic.886992

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>(Embedded EXE r)=>wise0028
Supprimé

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>(Embedded EXE r)
Echec de la mise à jour

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>(Embedded EXE r)=>wise0030
Détecté avec: Adware.Toolbar.Mywebsearch.I

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>(Embedded EXE r)=>wise0030
Supprimé

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>(Embedded EXE r)
Echec de la mise à jour

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0051893.sys
Infecté par: Trojan.Generic.1622667

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0051893.sys
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0052911.sys
Infecté par: Trojan.Generic.1622667

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0052911.sys
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0054920.dll
Infecté par: Trojan.Vundo.GNF

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0054920.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0054920.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0054921.dll
Infecté par: Trojan.Vundo.GNF

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0054921.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0054921.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0054922.dll
Infecté par: Trojan.Vundo.GNF

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0054922.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP132\A0054922.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP135\A0055069.dll
Infecté par: Trojan.Vundo.GNF

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP135\A0055069.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP135\A0055069.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055420.dll
Infecté par: Gen:Trojan.Heur.P5008F7B7B7

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055420.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055420.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055421.dll
Infecté par: Trojan.Vundo.GNF

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055421.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055421.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055422.dll
Infecté par: Gen:Trojan.Heur.P5008F7B7B7

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055422.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055422.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.exe
Infecté par: Trojan.Generic.1755797

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.exe
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)
Echec de la mise à jour

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.003
Détecté avec: Application.Keylog.Ardamax.DLO

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.003
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.003
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)
Echec de la mise à jour

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.004
Infecté par: Trojan.Dropper.Ardamax.P

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.004
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)
Echec de la mise à jour

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.006
Infecté par: Trojan.Keylog.Ardamax.NAL

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.006
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)
Echec de la mise à jour

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.007
Infecté par: Trojan.Keylog.Ardamax.NAL

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.007
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)
Echec de la mise à jour

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055451.dll
Infecté par: Gen:Trojan.Heur.P5008F7B7B7

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055451.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055451.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055454.dll
Infecté par: Gen:Trojan.Heur.P4018E7A7A7

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055454.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055454.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055455.dll
Infecté par: Trojan.Vundo.GNF

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055455.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055455.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055458.dll
Infecté par: Trojan.Vundo.GNF

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055458.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055458.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055459.dll
Infecté par: Gen:Trojan.Heur.P5008F7B7B7

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055459.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055459.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055564.dll
Infecté par: Trojan.Vundo.GNF

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055564.dll
Echec de la désinfection

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055564.dll
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055568.exe=>(Quarantine-2)
Détecté avec: Adware.Whenu.BSR

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055568.exe=>(Quarantine-2)
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055568.exe
Supprimé

C:\WINDOWS\Windll32\GGPN.exe
Infecté par: Trojan.Generic.1755797

C:\WINDOWS\Windll32\GGPN.exe
Echec de la suppression



So is everything all right?
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
19 May 2009 at 22:21
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :files)

:processes
explorer.exe
:files
C:\WINDOWS\Windll32\GGPN.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10F8581E.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F47226C.exe
C:\Documents and Settings\Anthony\Mes documents\Nouveau dossier\Keymaker\Keymaker.exe
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
_______________________

Download ToolsCleaner to your desktop.
--> https://www.commentcamarche.net/telecharger/ 34055291 toolscleaner
# Click Recherche and let the scan run ...
# Click Suppression to finish.
# You can use the Options facultatives if you wish.
# Click Quitter to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

_________________________


Disable System Restore, then restart your computer, then re-enable it, like this:
https://www.informatruc.com

_________________________

Post a new RSIT report and say whether there are still any problems.

See you later
0
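One way to read a scan report in the "path line, then status line" layout posted earlier before writing a :files list, as an added example that is not part of the original posts. It assumes a container file is gone only when the report shows "Supprimé" for the container path itself; the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Status strings as they appear in the report posted above (French UI).
DETECTED = ("Infecté par:", "Détecté avec:")
DELETED = "Supprimé"
PATH_RE = re.compile(r"^[A-Za-z]:\\")
RESTORE_MARKER = "\\system volume information\\_restore"

# Constructed sample: a few records copied from the report above.
SAMPLE_REPORT = r"""
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>wise0028
Infecté par: Trojan.Generic.886992

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe=>wise0028
Supprimé

C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe
Echec de la mise à jour

C:\Documents and Settings\Anthony\Mes documents\Nouveau dossier\Keymaker\Keymaker.exe
Infecté par: Trojan.Generic.97050

C:\Documents and Settings\Anthony\Mes documents\Nouveau dossier\Keymaker\Keymaker.exe
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.006
Infecté par: Trojan.Keylog.Ardamax.NAL

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)=>Windll32\GGPN.006
Supprimé

C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP137\A0055447.exe=>(RAR Sfx o)
Echec de la mise à jour

C:\WINDOWS\Windll32\GGPN.exe
Infecté par: Trojan.Generic.1755797

C:\WINDOWS\Windll32\GGPN.exe
Echec de la suppression
"""


def parse_records(text):
    """Yield (path, status) pairs; a path line is followed by its status line."""
    path = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            path = line
        elif path is not None:
            yield path, line
            path = None


def summarize(text):
    """Group records by container file (the part before the first '=>')."""
    files = OrderedDict()
    for path, status in parse_records(text):
        container, _, inner = path.partition("=>")
        entry = files.setdefault(container, {"threats": [], "deleted": False})
        if status.startswith(DETECTED):
            name = status.split(":", 1)[1].strip()
            if name not in entry["threats"]:
                entry["threats"].append(name)
        elif status == DELETED and not inner:
            # Only a deletion of the container itself removes the file;
            # deleting an embedded item leaves the container on disk.
            entry["deleted"] = True
    return files


def leftovers(text):
    """Return {container: kind} for flagged files the report never shows as deleted.

    kind is 'restore-point' for copies under System Restore storage
    (purged by turning System Restore off and on) and 'live' otherwise.
    """
    result = OrderedDict()
    for container, entry in summarize(text).items():
        if entry["threats"] and not entry["deleted"]:
            in_restore = RESTORE_MARKER in container.lower()
            result[container] = "restore-point" if in_restore else "live"
    return result


if __name__ == "__main__":
    for path, kind in leftovers(SAMPLE_REPORT).items():
        print(kind, path)
```
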
superman1221 Posts 128 Registration date Wednesday 11 February 2009 Status Member Last activity 4 June 2012 3
19 May 2009 at 22:49
Hey, thanks a lot, my laptop is like new!!! One last little question... what can I do so that I don't get this problem again and don't have to keep redoing these steps... is there a program I can use to clean up once in a while??
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
20 May 2009 at 11:11
You can post another RSIT report to be sure!



________________

You will need to update Windows with SP3, and Internet Explorer to version 8.



Otherwise,
to protect your computer for free:

https://www.commentcamarche.net/telecharger/ 4 securite


Vaccinate your computer, after plugging in all your USB keys, with UsbFix or Flash Disinfector or RAV Antivirus, because many currently spread through external media:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

---------
Install an antivirus

ANTIVIR or AVG8 or (AVAST)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
https://www.avira.com/fr/free-antivirus-windows
-------------
Anti-spyware tools:
MalwareByte's Anti-Malware + SPYBOT +/- if Spybot's TeaTimer is not enabled:
WINDOWS DEFENDER or SPYWARE TERMINATOR or SPYWARE GUARD
+
SPYWAREBLASTER to immunize the system, against Vundo in particular, but it is in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...

Note: Spybot … release new versions regularly; check that you have the latest version
--------
A firewall:
the one from (Windows) or, better, Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO

https://www.commentcamarche.net/telecharger/ 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.01net.com/
https://www.zonealarm.com/software/free-firewall

-----------
CCLEANER to erase browsing traces
---------
Browse with Firefox or Safari or Opera and not Internet Explorer, which is more affected by viruses
http://www.mozilla-europe.org/fr/products/firefox/
0
superman1221 Posts 128 Registration date Wednesday 11 February 2009 Status Member Last activity 4 June 2012 3
20 May 2009 at 20:37
Logfile of random's system information tool 1.06 (written by random/random)
Run by Anthony at 2009-05-20 14:37:02
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 57 GB (60%) free of 95 GB
Total RAM: 1022 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:37:16, on 2009-05-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Axon Data\AxCrypt\1.6.4.4\AxCrypt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\Y1OCRJM5\RSIT[1].exe
C:\Program Files\trend micro\Anthony.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE Privacy Keeper - Last IE Window Detector - {1201333E-BAD9-481C-BCF5-6904498CF85B} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPKbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.antimalwareguard.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/...
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayer.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\nukatojo.dll,C:\WINDOWS\system32\wusorevo.dll c:\windows\system32\pinoteye.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
21 May 2009 at 11:59
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :files)

:processes
explorer.exe
:files
C:\WINDOWS\system32\oyputvfn.dll
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2chkdsk]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
_______________________

Download ToolsCleaner to your desktop.
--> https://www.commentcamarche.net/telecharger/ 34055291 toolscleaner
# Click Recherche and let the scan run ...
# Click Suppression to finish.
# You can use the Options facultatives if you wish.
# Click Quitter to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

PS: no need to send me the report if everything was removed

_______________________



Update Internet Explorer
for XP
http://download.microsoft.com/...

for VISTA:
http://download.microsoft.com/download/5/9/8/598CDBFA-4C11-45BA-8283-91439C7B8E5B/IE8-WindowsVista-x86-FRA.exe

_____________

Update Adobe Reader, then remove the old versions via the Control Panel
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

or switch to an alternative browser, which will avoid the viruses circulating via PDFs, such as Foxit Reader (do not install the Foxit, Ask, eBay... toolbars)

http://www.commentcamarche.net/telecharger/telechargement 205 foxit reader


_____________

Update Java:
https://javara.fr.malavida.com/

Download JavaRa.zip by Paul 'Prm753' McLain and Fred de Vries.
Unzip the file to your desktop (right-click > Extract all.)
Double-click the resulting JavaRa folder.
Then double-click the JavaRa.exe file (the .exe may not be displayed)
Click Search For Updates.
Select Update Using jucheck.exe, then click Search.
Allow the process to connect if it asks you, click Install and follow the installation instructions. This will take a few minutes.
When the installation is finished, go back to the JavaRa screen and click Remove Older Versions.
Click Oui to confirm. The tool will do its work; then click Ok, and Ok a second time.
A report will open; copy and paste it into your next reply.
Note: the report is also at the root of the system partition, usually C:\, under the name JavaRa.log
(c:\JavaRa.log)
Close the application.

If that does not work

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

You can uninstall the old versions.

_______________

You should install Windows SP3
__________

There, you're all set
0
superman1221 Posts 128 Registration date Wednesday 11 February 2009 Status Member Last activity 4 June 2012 3
22 May 2009 at 23:22
Hey, thanks a lot, that's really kind!!! You're a champ ;)
0