HijackThis analysis for svchost cleanup

Closed
Jean Ba - 4 Nov. 2009 at 23:46
crapoulou Posts: 28161 Member since: Wednesday 28 November 2007 Status: Moderator, security contributor Last activity: 21 May 2024 - 29 Nov. 2009 at 23:23
Hello,

I've got viruses on my PC: every time I use a colleague's USB key, as soon as he plugs it into his PC, it goes haywire lol
I can see quite a few svchost processes, and I get the feeling that thing isn't clean...

Can someone help me?
Thanks in advance ;)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:27, on 04/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AhnRpta.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ROMServ.exe
C:\PROGRA~1\FICHIE~1\MICROS~1\DW\DW20.EXE
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Citrix\Client ICA\pnagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\IPSec Client\LucentIKESvc.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\IPSec Client\LucentIKE.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IPSec Client\trayicon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\teraterm\ttpmenu.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\TEMP\herss.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Collector.lnk = C:\Program Files\teraterm\Collector\Collector.exe
O4 - Startup: TeraTerm Menu.lnk = C:\Program Files\teraterm\ttpmenu.exe
O4 - Global Startup: Agent Program Neighborhood.lnk = C:\Program Files\Citrix\Client ICA\pnagent.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: iLO 2 Remote Console Applet - https://172.17.128.226/dvc.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CBCF8AB4-8A12-4A8A-A22D-36480B41DC78} (eDataInstall ActiveX control, Version 4.0) - http://coopnet.multimedia-conference.orange-business.com/...
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList =
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: lfmsdy.dll c:\windows\system32\rotawapo.dll c:\windows\system32\fogiguzu.dll c:\windows\system32\fesorega.dll c:\windows\system32\zodetego.dll c:\windows\system32\wahayaga.dll c:\windows\system32\nutowuko.dll c:\windows\system32\vetajume.dll c:\windows\system32\gofizesa.dll c:\windows\system32\buyetuza.dll c:\windows\system32\hadezabi.dll c:\windows\system32\yozezuna.dll c:\windows\system32\ravebavi.dll c:\windows\system32\mohafilu.dll c:\windows\system32\lehuguwe.dll c:\windows\system32\ruyutave.dll c:\windows\system32\vuwupajo.dll c:\windows\system32\sujegaru.dll c:\windows\system32\fuweyofa.dll c:\windows\system32\dimisawo.dll c:\windows\system32\dafanole.dll c:\windows\system32\janifedu.dll c:\windows\system32\pisefire.dll c:\windows\system32\yutobayu.dll c:\windows\system32\gehufidu.dll c:\windows\system32\dutudari.dll c:\windows\system32\goralaro.dll c:\windows\system32\yesileya.dll c:\windows\system32\lebenesa.dll c:\windows\system32\movoyari.dll c:\windows\system32\hilemebu.dll c:\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yejedotu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yejedotu.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EEPROM Service Module (EEPROMService) - Unknown owner - C:\WINDOWS\system32\ROMServ.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LucentIKE - Unknown owner - C:\Program Files\IPSec Client\LucentIKESvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\ORACLE\ora81\BIN\ONRSD.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
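The opening question is whether a long list of svchost.exe processes is itself a sign of infection. As an added illustration (not code from this thread, from HijackThis, or from the helpers replying here), the script below reads a log in the format posted above and pulls out the entries an analyst would check first: svchost.exe instances not loaded from system32, autorun (O4) entries launching from a temp directory, a non-empty AppInit_DLLs (O20) list, and O21/O22 load points whose DLL is reported missing. The function names (`triage`, `o4_target`, `looks_generated`), the temp-directory rule and the "machine-looking name" check are assumptions made for this example, not HijackThis rules. The sample log is constructed from a few lines of the log above plus one invented svchost.exe under a Temp folder, added only to exercise the location check.

```python
import re

# Constructed sample in the HijackThis format used in the thread.  The O4, O20,
# O21 and O23 lines are copied from the logs posted above; the svchost.exe under
# Local Settings\Temp is invented here only to exercise the location check (the
# thread's own logs show every svchost.exe under system32).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\TEMP\herss.exe
O20 - AppInit_DLLs: lfmsdy.dll c:\windows\system32\rotawapo.dll c:\windows\system32\fogiguzu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yejedotu.dll (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"""

PROCESS_LINE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
SYSTEM_SVCHOST = re.compile(r"^[a-z]:\\windows\\system32\\svchost\.exe$", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
# Heuristic (assumption for this example): eight letters alternating
# consonant/vowel, the shape of the DLL names in the O20 line above.
GENERATED_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}\.dll$", re.IGNORECASE)


def looks_generated(path):
    """True when the file name (without directory) matches the generated-name pattern."""
    return bool(GENERATED_NAME.match(path.rsplit("\\", 1)[-1]))


def o4_target(line):
    """Return the program an O4 autorun entry launches, or None for non-O4 lines.

    Handles both '[Name] path args' and 'Shortcut.lnk = path' forms; args are cut
    at the first ' /', ' -' or ' (User ' token (good enough for this log format).
    """
    m = re.match(r"^O4 - [^:]+: (?:\[[^\]]*\]|[^=]+ =) (.*)$", line)
    if not m:
        return None
    rest = m.group(1).strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest.strip('"')
    return re.split(r" +(?:[-/]|\(User )", rest, maxsplit=1)[0]


def triage(log_text):
    """Walk the log once; return the svchost count and the entries worth a closer look."""
    findings = []
    svchost_count = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PROCESS_LINE.match(line):
            # Lines in the "Running processes" section are full paths.
            if line.lower().endswith("\\svchost.exe"):
                svchost_count += 1
                if not SYSTEM_SVCHOST.match(line):
                    findings.append(("svchost.exe running outside system32", line))
            continue
        if line.startswith("O4 - "):
            target = o4_target(line)
            if target and TEMP_DIR.search(target):
                findings.append(("autorun launched from a temp directory", target))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # On a clean system this value is normally empty.
            dlls = line.partition("AppInit_DLLs:")[2].split()
            if dlls:
                machine_looking = [d for d in dlls if looks_generated(d)]
                findings.append(("AppInit_DLLs not empty",
                                 {"entries": dlls, "machine_looking": machine_looking}))
        elif line.startswith(("O21 - ", "O22 - ")) and "(file missing)" in line:
            findings.append(("load point whose DLL is missing on disk", line))
    return {"svchost_count": svchost_count, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"svchost.exe instances: {report['svchost_count']}")
    for label, detail in report["findings"]:
        print(f"- {label}: {detail}")
```

Several svchost.exe instances are normal on Windows XP, since each one hosts a group of services; what matters is where each instance is loaded from, and in the log above every one of them sits under \WINDOWS\system32. The entries that deserve attention are the ones the script flags: the O4 entry launched from C:\WINDOWS\TEMP, the long AppInit_DLLs list and the O21/O22 load points pointing at a DLL that is no longer on disk.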

24 replies

crapoulou Posts: 28161 Member since: Wednesday 28 November 2007 Status: Moderator, security contributor Last activity: 21 May 2024 7 994
8 Nov. 2009 at 17:35
Empty the MBAM quarantine.
Delete this folder:
C:\quarantine


*****

Just goes to show, updates... can come in handy!

Post a new RSIT report please.
2
I can't delete the C:\quarantine folder

Here's the RSIT report

Logfile of random's system information tool 1.06 (written by random/random)
Run by abouchou at 2009-11-08 17:52:16
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (8%) free of 30 GB
Total RAM: 3063 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:49, on 08/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ROMServ.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IPSec Client\LucentIKESvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\IPSec Client\LucentIKE.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Citrix\Client ICA\pnagent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IPSec Client\trayicon.exe
C:\Program Files\teraterm\ttpmenu.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\CCM\SMSCliUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\abouchou.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Collector.lnk = C:\Program Files\teraterm\Collector\Collector.exe
O4 - Startup: TeraTerm Menu.lnk = C:\Program Files\teraterm\ttpmenu.exe
O4 - Global Startup: Agent Program Neighborhood.lnk = C:\Program Files\Citrix\Client ICA\pnagent.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: iLO 2 Remote Console Applet - https://172.17.128.226/dvc.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CBCF8AB4-8A12-4A8A-A22D-36480B41DC78} (eDataInstall ActiveX control, Version 4.0) - http://coopnet.multimedia-conference.orange-business.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: lfmsdy.dll c:\windows\system32\rotawapo.dll c:\windows\system32\fogiguzu.dll c:\windows\system32\fesorega.dll c:\windows\system32\zodetego.dll c:\windows\system32\wahayaga.dll c:\windows\system32\nutowuko.dll c:\windows\system32\vetajume.dll c:\windows\system32\gofizesa.dll c:\windows\system32\buyetuza.dll c:\windows\system32\hadezabi.dll c:\windows\system32\yozezuna.dll c:\windows\system32\ravebavi.dll c:\windows\system32\mohafilu.dll c:\windows\system32\lehuguwe.dll c:\windows\system32\ruyutave.dll c:\windows\system32\vuwupajo.dll c:\windows\system32\sujegaru.dll c:\windows\system32\fuweyofa.dll c:\windows\system32\dimisawo.dll c:\windows\system32\dafanole.dll c:\windows\system32\janifedu.dll c:\windows\system32\pisefire.dll c:\windows\system32\yutobayu.dll c:\windows\system32\gehufidu.dll c:\windows\system32\dutudari.dll c:\windows\system32\goralaro.dll c:\windows\system32\yesileya.dll c:\windows\system32\lebenesa.dll c:\windows\system32\movoyari.dll c:\windows\system32\hilemebu.dll c:\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EEPROM Service Module (EEPROMService) - Unknown owner - C:\WINDOWS\system32\ROMServ.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LucentIKE - Unknown owner - C:\Program Files\IPSec Client\LucentIKESvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\ORACLE\ora81\BIN\ONRSD.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
crapoulou Posts: 28161 Registration date: Wednesday 28 November 2007 Status: Moderator, Security contributor Last post: 21 May 2024 7 994
5 Nov. 2009 at 23:31
Wow!
I rarely see such a "nice report"!
Everything in this section is infectious:
################## | Fichiers # Dossiers infectieux | 

That makes quite a list (just for a USB infection!)

*********

Cleanup with UsbFix:

Connect the external data sources (USB stick, external hard drive, etc.) that may have been infected to your PC, without opening them!

* Double-click the UsbFix shortcut on your desktop.
* Choose option 2 (Deletion)
* Your desktop will disappear and the PC will reboot.
* On reboot, UsbFix will scan your PC. Let the tool work.
* Then post the full UsbFix.txt report that will appear along with the desktop.

Note:
The UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)
Oh daaaaaamn, I was sure I had posted my new report on Thursday evening!!!
Well, I'll do it again!!
Thanks Crapoulou for your help!!


############################## | UsbFix V6.048 |

User : abouchou () # FRRENN0X00671
Update on 04/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 23:40:01 | 05/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : McAfee VirusScan Enterprise 8.7.0.570 [ Enabled | (!) Outdated ]

C:\ -> Disque fixe local # 29,29 Go (2,35 Go free) [SYSTEME] # NTFS
D:\ -> Disque fixe local # 82,49 Go (20,39 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque fixe local # 465,65 Go (132,49 Go free) [My Passport] # FAT32
W:\ -> Disque amovible # 3,73 Go (2,05 Go free) # FAT32
Z:\ -> Connexion réseau

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 1380
C:\WINDOWS\system32\csrss.exe 1588
C:\WINDOWS\system32\winlogon.exe 1612
C:\WINDOWS\system32\services.exe 1660
C:\WINDOWS\system32\lsass.exe 1672
C:\WINDOWS\system32\svchost.exe 1832
C:\WINDOWS\system32\svchost.exe 1912
C:\WINDOWS\System32\svchost.exe 400
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 428
C:\WINDOWS\system32\svchost.exe 448
C:\WINDOWS\system32\svchost.exe 628
C:\WINDOWS\system32\svchost.exe 1308
C:\WINDOWS\system32\ngvpnmgr.exe 1328
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 164
C:\WINDOWS\system32\spoolsv.exe 956
C:\WINDOWS\System32\SCardSvr.exe 1000
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1440
C:\WINDOWS\system32\ROMServ.exe 1464
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe 1496
C:\WINDOWS\system32\svchost.exe 1516
C:\Program Files\IPSec Client\LucentIKESvc.exe 1560
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe 1568
C:\Program Files\IPSec Client\LucentIKE.exe 1572
C:\Program Files\McAfee\Common Framework\FrameworkService.exe 1796
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe 800
C:\WINDOWS\system32\mfevtps.exe 1036
C:\WINDOWS\System32\svchost.exe 1084
C:\WINDOWS\System32\svchost.exe 1136
C:\WINDOWS\system32\svchost.exe 264
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 656
C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe 760
C:\Program Files\VMware\VMware Server\vmware-authd.exe 824
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe 1228
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe 592
C:\Program Files\Citrix\Client ICA\ssonsvr.exe 1892
C:\WINDOWS\system32\vmnat.exe 1988
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe 2404
C:\WINDOWS\Explorer.EXE 2744
C:\WINDOWS\system32\vmnetdhcp.exe 2832
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe 3064
C:\WINDOWS\AhnRpta.exe 3120
C:\WINDOWS\system32\CCM\CcmExec.exe 3144
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe 3536
C:\WINDOWS\system32\wbem\wmiprvse.exe 3840

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\WINDOWS\AhnRpta.exe
Supprimé ! C:\WINDOWS\system32\e8main0.dll
Supprimé ! C:\DOCUME~1\abouchou\LOCALS~1\Temp\cvasds0.dll
Supprimé ! C:\DOCUME~1\abouchou\LOCALS~1\Temp\cvasds1.dll
Supprimé ! C:\DOCUME~1\abouchou\LOCALS~1\Temp\herss.exe
Supprimé ! C:\1di1w.exe
Supprimé ! C:\3n8awsyg.exe
Supprimé ! C:\9b9w3.exe
Supprimé ! C:\b00ijwpu.exe
Supprimé ! C:\eexyv.exe
Supprimé ! C:\hjvjte.exe
Supprimé ! C:\mwfubaob.exe
Supprimé ! C:\nds0q.exe
Supprimé ! C:\qbr2q.exe
Supprimé ! C:\se12ydam.exe
Supprimé ! C:\uqgvf.exe
Supprimé ! C:\vb0hsoay.exe
Supprimé ! C:\vlvtdflx.exe
Supprimé ! C:\wcgswa.exe
Supprimé ! C:\wrsf.exe
Supprimé ! C:\y8.exe
Supprimé ! D:\0fkk02x.exe
Supprimé ! D:\10nb.exe
Supprimé ! D:\1di1w.exe
Supprimé ! D:\2o1ajagt.exe
Supprimé ! D:\3c.exe
Supprimé ! D:\3n8awsyg.exe
Supprimé ! D:\3yalgc.exe
Supprimé ! D:\86.exe
Supprimé ! D:\9b9w3.exe
Supprimé ! D:\9jyhdim8.exe
Supprimé ! D:\b.bat
Supprimé ! D:\b00ijwpu.exe
Supprimé ! D:\bycfht.exe
Supprimé ! D:\cj3k.exe
Supprimé ! D:\ctu8r.exe
Supprimé ! D:\dogyx90.exe
Supprimé ! D:\eexyv.exe
Supprimé ! D:\ewqij.bat
Supprimé ! D:\f9o8o.exe
Supprimé ! D:\g8k.exe
Supprimé ! D:\hjvjte.exe
Supprimé ! D:\hx.exe
Supprimé ! D:\i0yva6.exe
Supprimé ! D:\kgji.exe
Supprimé ! D:\l6jj.exe
Supprimé ! D:\lcw.exe
Supprimé ! D:\lhh3v.exe
Supprimé ! D:\m.exe
Supprimé ! D:\m1eqos3.exe
Supprimé ! D:\mjafm.exe
Supprimé ! D:\mranjm.exe
Supprimé ! D:\mt2.exe
Supprimé ! D:\mwfubaob.exe
Supprimé ! D:\nds0q.exe
Supprimé ! D:\nkv.bat
Supprimé ! D:\o9bxu.exe
Supprimé ! D:\ph.exe
Supprimé ! D:\qbr2q.exe
Supprimé ! D:\qcoageh.exe
Supprimé ! D:\qcod.exe
Supprimé ! D:\r2g20.exe
Supprimé ! D:\rg9g9bgq.exe
Supprimé ! D:\se12ydam.exe
Supprimé ! D:\sp1jensi.exe
Supprimé ! D:\t2hjo0.exe
Supprimé ! D:\t8s2x.exe
Supprimé ! D:\ucivd6xi.bat
Supprimé ! D:\uqgvf.exe
Supprimé ! D:\vb0hsoay.exe
Supprimé ! D:\vlvtdflx.exe
Supprimé ! D:\w9uxx92.exe
Supprimé ! D:\wcgswa.exe
Supprimé ! D:\wrsf.exe
Supprimé ! D:\y8.exe
Supprimé ! G:\0fkk02x.exe
Supprimé ! G:\1di1w.exe
Supprimé ! G:\9b9w3.exe
Supprimé ! G:\9jyhdim8.exe
Supprimé ! G:\ctu8r.exe
Supprimé ! G:\eexyv.exe
Supprimé ! G:\ewqij.bat
Supprimé ! G:\f9o8o.exe
Supprimé ! G:\hjvjte.exe
Supprimé ! G:\mqhnawe.bat
Supprimé ! G:\mranjm.exe
Supprimé ! G:\mwfubaob.exe
Supprimé ! G:\nds0q.exe
Supprimé ! G:\nkv.bat
Supprimé ! G:\qbr2q.exe
Supprimé ! G:\r2g20.exe
Supprimé ! G:\rg9g9bgq.exe
Supprimé ! G:\rx.exe
Supprimé ! G:\t2hjo0.exe
Supprimé ! G:\ucivd6xi.bat
Supprimé ! G:\vlvtdflx.exe
Supprimé ! G:\wbj.exe
Supprimé ! G:\wcgswa.exe
Supprimé ! G:\wrsf.exe
Supprimé ! G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Supprimé ! G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
Supprimé ! W:\22yj2fy1.exe
Supprimé ! W:\hifdmgt.com
Supprimé ! W:\ix8bmwx.bat
Supprimé ! W:\p.exe
Supprimé ! W:\ukvr.bat
Supprimé ! W:\wbj.exe
Supprimé ! W:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Supprimé ! W:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

################## | Registre # Clés Run infectieuses |

Supprimé ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
Supprimé ! [HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
Supprimé ! [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{BB4C402F-882A-4526-8C08-51278EA437C1}"
Supprimé ! [HKCR\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1}]
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoFind"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRun"

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{2a45a7c2-0ef4-11dd-a7b2-001a6b7348b9}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4b3d9b61-72ad-11de-abb9-00226464a6bd}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{4b3d9b62-72ad-11de-abb9-00226464a6bd}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{6f4c89ec-6cf8-11dc-a61f-0017a4e3ffc8}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9f4624d6-b818-11de-ac69-001a6b7348b9}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{a17da84c-bb6c-11de-ac70-001a6b7348b9}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{b3dee6cd-2fc1-11dd-a80d-001a6b7348b9}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c5c6325c-7119-11de-abb4-00226464a6bd}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d47c4b09-8e99-11dc-a677-001a6b7348b9}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[25/11/2008 16:07|---------|1024] C:\.rnd
[26/03/2009 20:41|---------|10698380] C:\82_no artist - Daddy Yankee _ Ella Me Levanto.wav
[29/06/2009 09:14|--a------|299] C:\ag_CONNEXIONNET.ini
[26/09/2007 14:15|---------|319] C:\ag_FRRENN0X00671.ini
[21/05/2008 10:11|---------|281144] C:\annonce
[05/11/2009 17:04|--a------|128] C:\appliid.txt
[11/06/2007 14:01|---------|0] C:\AUTOEXEC.BAT
[12/06/2007 14:16|-r-hs----|212] C:\boot.ini
[05/08/2004 13:00|-r-hs----|4952] C:\Bootfont.bin
[11/06/2007 14:01|---------|0] C:\CONFIG.SYS
[12/06/2009 07:43|--a------|347] C:\CONNEXIONNET-secu.txt
[07/02/2008 22:50|---------|125] C:\CountCyclesWMVDecLog.txt
[05/11/2009 08:41|--a------|348] C:\FRRENN0X00671-secu.txt
[11/06/2007 14:01|-r-hs----|0] C:\IO.SYS
[05/11/2009 17:22|--a------|2900] C:\JBSEQ.TXT
[11/06/2007 14:01|-r-hs----|0] C:\MSDOS.SYS
[05/11/2009 23:48|--a------|15262] C:\MyVat.txt
[05/08/2004 13:00|-r-hs----|47564] C:\NTDETECT.COM
[05/08/2004 13:00|-r-hs----|251712] C:\ntldr
[?|?|?] C:\pagefile.sys
[05/11/2009 23:39|--a------|366430] C:\ptdebug.txt
[18/05/2009 20:29|---------|39992] C:\report.zip
[03/09/2009 07:37|--ah-----|232] C:\sqmdata00.sqm
[03/09/2009 11:17|--ah-----|232] C:\sqmdata01.sqm
[04/09/2009 08:26|--ah-----|232] C:\sqmdata02.sqm
[05/09/2009 16:34|--ah-----|232] C:\sqmdata03.sqm
[07/09/2009 08:42|--ah-----|232] C:\sqmdata04.sqm
[11/08/2009 15:15|--ah-----|232] C:\sqmdata05.sqm
[11/08/2009 19:36|--ah-----|232] C:\sqmdata06.sqm
[11/08/2009 19:47|--ah-----|232] C:\sqmdata07.sqm
[12/08/2009 08:00|--ah-----|232] C:\sqmdata08.sqm
[12/08/2009 14:13|--ah-----|232] C:\sqmdata09.sqm
[12/08/2009 19:27|--ah-----|232] C:\sqmdata10.sqm
[13/08/2009 09:52|--ah-----|232] C:\sqmdata11.sqm
[13/08/2009 18:43|--ah-----|232] C:\sqmdata12.sqm
[14/08/2009 07:36|--ah-----|232] C:\sqmdata13.sqm
[15/08/2009 00:47|--ah-----|232] C:\sqmdata14.sqm
[30/08/2009 14:07|--ah-----|232] C:\sqmdata15.sqm
[31/08/2009 10:32|--ah-----|232] C:\sqmdata16.sqm
[31/08/2009 11:54|--ah-----|232] C:\sqmdata17.sqm
[01/09/2009 07:57|--ah-----|232] C:\sqmdata18.sqm
[02/09/2009 08:04|--ah-----|232] C:\sqmdata19.sqm
[03/09/2009 07:37|--ah-----|244] C:\sqmnoopt00.sqm
[03/09/2009 11:17|--ah-----|244] C:\sqmnoopt01.sqm
[04/09/2009 08:26|--ah-----|244] C:\sqmnoopt02.sqm
[05/09/2009 16:34|--ah-----|244] C:\sqmnoopt03.sqm
[07/09/2009 08:42|--ah-----|244] C:\sqmnoopt04.sqm
[11/08/2009 15:15|--ah-----|244] C:\sqmnoopt05.sqm
[11/08/2009 19:36|--ah-----|244] C:\sqmnoopt06.sqm
[11/08/2009 19:47|--ah-----|244] C:\sqmnoopt07.sqm
[12/08/2009 08:00|--ah-----|244] C:\sqmnoopt08.sqm
[12/08/2009 14:13|--ah-----|244] C:\sqmnoopt09.sqm
[12/08/2009 19:27|--ah-----|244] C:\sqmnoopt10.sqm
[13/08/2009 09:52|--ah-----|244] C:\sqmnoopt11.sqm
[13/08/2009 18:43|--ah-----|244] C:\sqmnoopt12.sqm
[14/08/2009 07:36|--ah-----|244] C:\sqmnoopt13.sqm
[15/08/2009 00:47|--ah-----|244] C:\sqmnoopt14.sqm
[30/08/2009 14:07|--ah-----|244] C:\sqmnoopt15.sqm
[31/08/2009 10:32|--ah-----|244] C:\sqmnoopt16.sqm
[31/08/2009 11:54|--ah-----|244] C:\sqmnoopt17.sqm
[01/09/2009 07:57|--ah-----|244] C:\sqmnoopt18.sqm
[02/09/2009 08:04|--ah-----|244] C:\sqmnoopt19.sqm
[05/11/2009 08:42|-r-hs----|114304] C:\srgo.exe
[14/05/2009 08:57|--a------|1399] C:\tomixca_cert.pem
[05/11/2009 23:48|--a------|11505] C:\UsbFix.txt
[29/06/2009 09:14|--a------|1649] C:\VSCONNEXIONNET.ini
[26/09/2007 14:15|---------|1208] C:\VSFRRENN0X00671.ini
[01/10/2008 22:15|---------|135] C:\VundoFix.txt
[29/08/2009 17:31|-r-hs----|112225] C:\xbvv0.exe
[27/09/2007 16:18|---------|146] C:\YServer.txt
[18/05/2009 20:29|---------|254986] C:\_crash.dmp
[18/05/2009 20:29|---------|119248] C:\_crash.log

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# G:\autorun.inf -> Dossier créé par UsbFix.
# W:\autorun.inf -> Dossier créé par UsbFix.

################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |

"C:\Program Files\SSH Communications Security\SSH Secure Shell\ssh-keygen2.exe"
08/10/2003 09:36 |Size 790528 |Crc32 a98c744c |Md5 5c690a9c9f8948b3390a78409fdbcfe8
BeFaX Posts: 14245 Registration date: Wednesday 24 December 2008 Status: Contributor Last post: 6 August 2013 3 818
4 Nov. 2009 at 23:52
What is not normal is this:
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\TEMP\herss.exe

Download, install and update Malwarebytes' Anti-Malware, and run a quick scan first.
crapoulou Posts: 28161 Registration date: Wednesday 28 November 2007 Status: Moderator, Security contributor Last post: 21 May 2024 7 994
4 Nov. 2009 at 23:52
Hi,
Having many svchost processes is not a sign of infection.
On the other hand, your system is heavily infected: Vundo and USB infections.

Do you have all the USB sticks that were plugged into this PC available (especially your friend's)?
@BeFax: I already have it; last week I ran a full scan, it detected only 1 thing which it deleted, but that didn't fix the problem :(

@Crapoulou: Yes, I have a fairly dodgy USB stick and hard drive :)

Thanks a lot for your help!!!

Later,
JB

Bump :)))

Thanks in advance!!
Later,
JB
crapoulou Posts: 28161 Registration date: Wednesday 28 November 2007 Status: Moderator, Security contributor Last post: 21 May 2024 7 994
5 Nov. 2009 at 21:30
Hi,
I wasn't available today (during the day).

******

Since JB is waiting, I'll give him a procedure, but if you want to take over, I haven't forgotten that you were first.

*******

You are infected by a worm that spreads to your computer via removable media (USB sticks, floppy disks, digital cameras, external hard drives, ...)

Download and install UsbFix by C_XX & Chiquitine29:
= = = = >>> By clicking here <<< = = = =

Connect the external data sources (USB stick, external hard drive, etc.) that may have been infected to your PC, without opening them!


* Double-click the UsbFix shortcut on your desktop.
* Choose option 1 (Search)
* Let the tool work.
* Then post the full UsbFix.txt report that will appear.

Notes:
- The UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste on the forum).
- "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Thanks!!!!!!!!!
Here is the UsbFix report:


############################## | UsbFix V6.048 |

User : abouchou () # FRRENN0X00671
Update on 04/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 22:45:39 | 05/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : McAfee VirusScan Enterprise 8.7.0.570 [ (!) Disabled | (!) Outdated ]

C:\ -> Disque fixe local # 29,29 Go (2,34 Go free) [SYSTEME] # NTFS
D:\ -> Disque fixe local # 82,49 Go (20,39 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque fixe local # 465,65 Go (132,49 Go free) [My Passport] # FAT32
W:\ -> Disque amovible # 3,73 Go (2,05 Go free) # FAT32
Z:\ -> Connexion réseau

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 1472
C:\WINDOWS\system32\csrss.exe 1540
C:\WINDOWS\system32\winlogon.exe 1564
C:\WINDOWS\system32\services.exe 1608
C:\WINDOWS\system32\lsass.exe 1620
C:\WINDOWS\system32\svchost.exe 1792
C:\WINDOWS\system32\svchost.exe 1840
C:\WINDOWS\System32\svchost.exe 316
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe 340
C:\WINDOWS\system32\svchost.exe 388
C:\WINDOWS\system32\svchost.exe 1072
C:\WINDOWS\system32\svchost.exe 1168
C:\WINDOWS\system32\ngvpnmgr.exe 1180
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe 1544
C:\WINDOWS\system32\spoolsv.exe 1960
C:\WINDOWS\System32\SCardSvr.exe 2000
C:\Program Files\Citrix\Client ICA\ssonsvr.exe 836
C:\WINDOWS\Explorer.EXE 1120
C:\WINDOWS\AhnRpta.exe 236
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe 540
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 548
C:\WINDOWS\system32\igfxtray.exe 560
C:\WINDOWS\system32\igfxpers.exe 584
C:\Program Files\Analog Devices\Core\smax4pnp.exe 596
C:\WINDOWS\system32\igfxsrvc.exe 628
C:\WINDOWS\system32\AccelerometerSt.exe 644
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe 688
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 728
C:\Program Files\Winamp\winampa.exe 772
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE 832
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe 800
C:\Program Files\iTunes\iTunesHelper.exe 848
C:\Program Files\McAfee\Common Framework\udaterui.exe 896
C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe 904
C:\WINDOWS\system32\ctfmon.exe 1004
C:\Program Files\Messenger\msmsgs.exe 1032
C:\Program Files\SuperCopier2\SuperCopier2.exe 1068
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe 1272
C:\Program Files\Citrix\Client ICA\pnagent.exe 1300
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 1328
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 1356
C:\Program Files\IPSec Client\trayicon.exe 1368
C:\Program Files\teraterm\ttpmenu.exe 2160
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE 2596
C:\Program Files\McAfee\Common Framework\McTray.exe 2920
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 3444
C:\WINDOWS\system32\ROMServ.exe 3464
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe 3492
C:\WINDOWS\system32\svchost.exe 3520
C:\Program Files\IPSec Client\LucentIKESvc.exe 3564
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe 3616
C:\Program Files\IPSec Client\LucentIKE.exe 3628
C:\Program Files\McAfee\Common Framework\FrameworkService.exe 3672
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe 3752
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe 3768
C:\WINDOWS\system32\mfevtps.exe 3920
C:\WINDOWS\System32\svchost.exe 208
C:\WINDOWS\System32\svchost.exe 1468
C:\WINDOWS\system32\svchost.exe 2432
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe 2968
C:\Program Files\VMware\VMware Server\vmware-authd.exe 3020
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe 2124
C:\WINDOWS\system32\vmnat.exe 3200
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe 3256
C:\WINDOWS\system32\vmnetdhcp.exe 3932
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe 3976
C:\WINDOWS\system32\CCM\CcmExec.exe 4036
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe 776
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe 3508
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe 3292
C:\WINDOWS\system32\wbem\wmiprvse.exe 4072
C:\Program Files\iPod\bin\iPodService.exe 3636
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe 2140
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe 2488
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclBCBTSrv.exe 3560
C:\WINDOWS\System32\alg.exe 2608
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 3388
C:\WINDOWS\system32\wbem\wmiprvse.exe 4388
C:\WINDOWS\system32\wbem\wmiprvse.exe 5564
C:\Program Files\Mozilla Firefox\firefox.exe 5620
C:\WINDOWS\system32\CCM\SMSCliUI.exe 4376
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe 2416
C:\WINDOWS\system32\rundll32.exe 5840
C:\WINDOWS\system32\rundll32.exe 2620
C:\WINDOWS\system32\wbem\wmiprvse.exe 3148

################## | Fichiers # Dossiers infectieux |

C:\WINDOWS\AhnRpta.exe
C:\WINDOWS\system32\e8main0.dll
C:\DOCUME~1\abouchou\LOCALS~1\Temp\cvasds0.dll
C:\DOCUME~1\abouchou\LOCALS~1\Temp\cvasds1.dll
C:\DOCUME~1\abouchou\LOCALS~1\Temp\herss.exe
C:\1di1w.exe
C:\3n8awsyg.exe
C:\9b9w3.exe
C:\b00ijwpu.exe
C:\eexyv.exe
C:\hjvjte.exe
C:\mwfubaob.exe
C:\nds0q.exe
C:\qbr2q.exe
C:\se12ydam.exe
C:\uqgvf.exe
C:\vb0hsoay.exe
C:\vlvtdflx.exe
C:\wcgswa.exe
C:\wrsf.exe
C:\y8.exe
D:\0fkk02x.exe
D:\10nb.exe
D:\1di1w.exe
D:\2o1ajagt.exe
D:\3c.exe
D:\3n8awsyg.exe
D:\3yalgc.exe
D:\86.exe
D:\9b9w3.exe
D:\9jyhdim8.exe
D:\b.bat
D:\b00ijwpu.exe
D:\bycfht.exe
D:\cj3k.exe
D:\ctu8r.exe
D:\dogyx90.exe
D:\eexyv.exe
D:\ewqij.bat
D:\f9o8o.exe
D:\g8k.exe
D:\hjvjte.exe
D:\hx.exe
D:\i0yva6.exe
D:\kgji.exe
D:\l6jj.exe
D:\lcw.exe
D:\lhh3v.exe
D:\m.exe
D:\m1eqos3.exe
D:\mjafm.exe
D:\mranjm.exe
D:\mt2.exe
D:\mwfubaob.exe
D:\nds0q.exe
D:\nkv.bat
D:\o9bxu.exe
D:\o9bxu.exe
D:\ph.exe
D:\qbr2q.exe
D:\qcoageh.exe
D:\qcod.exe
D:\r2g20.exe
D:\rg9g9bgq.exe
D:\se12ydam.exe
D:\sp1jensi.exe
D:\t2hjo0.exe
D:\t8s2x.exe
D:\ucivd6xi.bat
D:\uqgvf.exe
D:\vb0hsoay.exe
D:\vlvtdflx.exe
D:\w9uxx92.exe
D:\wcgswa.exe
D:\wrsf.exe
D:\y8.exe
G:\0fkk02x.exe
G:\1di1w.exe
G:\9b9w3.exe
G:\9jyhdim8.exe
G:\ctu8r.exe
G:\eexyv.exe
G:\ewqij.bat
G:\f9o8o.exe
G:\hjvjte.exe
G:\mqhnawe.bat
G:\mranjm.exe
G:\mwfubaob.exe
G:\nds0q.exe
G:\nkv.bat
G:\qbr2q.exe
G:\r2g20.exe
G:\rg9g9bgq.exe
G:\rx.exe
G:\t2hjo0.exe
G:\ucivd6xi.bat
G:\vlvtdflx.exe
G:\wbj.exe
G:\wcgswa.exe
G:\wrsf.exe
G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
W:\22yj2fy1.exe
W:\hifdmgt.com
W:\ix8bmwx.bat
W:\p.exe
W:\ukvr.bat
W:\wbj.exe
W:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
W:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

################## | Registre # Clés Run infectieuses |

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
[HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{BB4C402F-882A-4526-8C08-51278EA437C1}"
[HKCR\CLSID\{bb4c402f-882a-4526-8c08-51278ea437c1}]

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{2a45a7c2-0ef4-11dd-a7b2-001a6b7348b9}
Shell\AutoRun\command =H:\p.exe

HKCU\..\..\Explorer\MountPoints2\{4b3d9b61-72ad-11de-abb9-00226464a6bd}
Shell\AutoRun\command =p.exe
Shell\open\Command =p.exe

HKCU\..\..\Explorer\MountPoints2\{4b3d9b62-72ad-11de-abb9-00226464a6bd}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

HKCU\..\..\Explorer\MountPoints2\{6f4c89ec-6cf8-11dc-a61f-0017a4e3ffc8}
Shell\AutoRun\command =G:\p0ijj.bat

HKCU\..\..\Explorer\MountPoints2\{9f4624d6-b818-11de-ac69-001a6b7348b9}
Shell\AutoRun\command =G:\2sm66r.exe
Shell\open\Command =

HKCU\..\..\Explorer\MountPoints2\{a17da84c-bb6c-11de-ac70-001a6b7348b9}
Shell\AutoRun\command =H:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{b3dee6cd-2fc1-11dd-a80d-001a6b7348b9}
Shell\AutoRun\command =G:\p.exe
Shell\open\Command =G:\p.exe

HKCU\..\..\Explorer\MountPoints2\{c5c6325c-7119-11de-abb4-00226464a6bd}
Shell\AutoRun\command =G:\p.exe

HKCU\..\..\Explorer\MountPoints2\{d47c4b09-8e99-11dc-a677-001a6b7348b9}
Shell\AutoRun\command =G:\wbj.exe
Shell\open\Command =G:\wbj.exe

################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |

"C:\Program Files\SSH Communications Security\SSH Secure Shell\ssh-keygen2.exe"
08/10/2003 09:36 |Size 790528 |Crc32 a98c744c |Md5 5c690a9c9f8948b3390a78409fdbcfe8


################## | ! Fin du rapport # UsbFix V6.048 ! |
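As an added example (not code from the thread or from UsbFix), here is a small Python triage helper for the "Registre # Mountpoints2" section of the report above: it parses each MountPoints2 entry and explains why its AutoRun command deserves attention (a relative path, a random-named executable at a drive root, or a rundll32 indirection into RECYCLER). The sample input is an excerpt of the report posted above; the LaunchU3.exe allowlist and the set of executable extensions are assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# A MountPoints2 entry as UsbFix prints it: a key line carrying the volume
# GUID, followed by one line per shell verb (AutoRun, open, ...).
GUID_RE = re.compile(r"MountPoints2\\(\{[0-9a-f-]{36}\})", re.IGNORECASE)
VERB_RE = re.compile(r"^Shell\\(\w+)\\command\s*=\s*(.*)$", re.IGNORECASE)

# Assumption: extensions Windows will run from an autorun command line.
EXE_EXT = r"(exe|com|bat|cmd|pif|scr)"
RELATIVE_RE = re.compile(r"[^\\/:]+\." + EXE_EXT + r"$")          # p.exe
DRIVE_ROOT_RE = re.compile(r"[a-z]:\\[^\\]+\." + EXE_EXT + r"$")  # G:\wbj.exe

# Assumption: the U3 launcher is the one program expected to autorun from the
# root of a (U3) USB stick; any other root executable is treated as suspect.
ALLOWLISTED_ROOT_BINARIES = {"launchu3.exe"}


@dataclass
class MountPoint:
    guid: str
    commands: dict[str, str] = field(default_factory=dict)  # verb -> command


def parse_mountpoints(report: str) -> list[MountPoint]:
    """Return the entries of the report's 'Registre # Mountpoints2' section."""
    entries: list[MountPoint] = []
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("##################"):   # any UsbFix section banner
            in_section = "mountpoints2" in line.lower()
            continue
        if not in_section or not line:
            continue
        key = GUID_RE.search(line)
        if key:
            entries.append(MountPoint(key.group(1).lower()))
            continue
        verb = VERB_RE.match(line)
        if verb and entries:
            entries[-1].commands[verb.group(1).lower()] = verb.group(2).strip()
    return entries


def assess(command: str) -> list[str]:
    """Explain why an autorun command is suspicious; empty list = not flagged."""
    findings: list[str] = []
    if not command.strip():
        return findings                          # empty verb: nothing runs
    low = command.lower()
    target = low.split()[0]                      # program, without arguments
    if "rundll32" in low and "recycler" in low:
        findings.append("rundll32 indirection loads a DLL hidden under RECYCLER "
                        "(the autorun technique used by the Conficker worm)")
    elif RELATIVE_RE.fullmatch(target):
        findings.append("relative path: runs a file from the root of whatever "
                        "drive gets this mount point")
    elif DRIVE_ROOT_RE.fullmatch(target):
        basename = target.rsplit("\\", 1)[-1]
        if basename not in ALLOWLISTED_ROOT_BINARIES:
            findings.append("executable at the root of a removable drive with "
                            "a random-looking name")
    return findings


def triage(report: str) -> list[dict]:
    """One record per (entry, verb, reason) that assess() flagged."""
    flagged = []
    for entry in parse_mountpoints(report):
        for verb, command in entry.commands.items():
            for reason in assess(command):
                flagged.append({"guid": entry.guid, "verb": verb,
                                "command": command, "reason": reason})
    return flagged


# Constructed sample: an excerpt of the MountPoints2 section of the UsbFix
# report posted above, bracketed by its neighbouring section banners.
SAMPLE_REPORT = r"""
################## | Registre # Clés Run infectieuses |
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{2a45a7c2-0ef4-11dd-a7b2-001a6b7348b9}
Shell\AutoRun\command =H:\p.exe

HKCU\..\..\Explorer\MountPoints2\{4b3d9b61-72ad-11de-abb9-00226464a6bd}
Shell\AutoRun\command =p.exe
Shell\open\Command =p.exe

HKCU\..\..\Explorer\MountPoints2\{4b3d9b62-72ad-11de-abb9-00226464a6bd}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

HKCU\..\..\Explorer\MountPoints2\{9f4624d6-b818-11de-ac69-001a6b7348b9}
Shell\AutoRun\command =G:\2sm66r.exe
Shell\open\Command =

HKCU\..\..\Explorer\MountPoints2\{a17da84c-bb6c-11de-ac70-001a6b7348b9}
Shell\AutoRun\command =H:\LaunchU3.exe -a
################## | Suspect | https://www.virustotal.com/gui/ |
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_REPORT):
        print(f"{hit['guid']} {hit['verb']:<8} {hit['command'][:60]!r}")
        print(f"    -> {hit['reason']}")
```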
crapoulou Posts: 28161 Registration date: Wednesday 28 November 2007 Status: Moderator, Security contributor Last post: 21 May 2024 7 994
7 Nov. 2009 at 16:37
UsbFix vaccinated drives C, D, G and W.
The vaccination creates folders named autorun.inf to prevent reinfection.
They cannot be deleted via right-click > Delete or other methods.
I advise you to keep them. If you want to remove them some time from now, either format your USB stick if it is empty, or come back and see me ;-).

*********

Analyse these files:

C:\srgo.exe
C:\xbvv0.exe

On the VirusTotal site:
https://www.virustotal.com/gui/

Browse > Select your file > Analyse, then wait for the analysis to finish.

Post the reports, telling me for each report sent the name of the file concerned!

(If VirusTotal says the file has already been analysed, click the button Reanalyse file now.)

***********

Download Malwarebytes' Anti-Malware
= = = = >>> By clicking here <<< = = = =

- Save it to the desktop
- Double-click the downloaded file to start the installation process
- When asked, update Malwarebytes Anti-Malware
- If the firewall asks for permission for Malwarebytes to connect, accept
- Once the update is finished, close Malwarebytes
- Double-click the Malwarebytes icon to relaunch it
- In the Scanner tab, probably open by default,
- Select Perform full scan
- Click Scan
- The scan starts
- At the end of the analysis, a message appears: The scan completed successfully. Click 'Show Results' to display all objects found.
- Click OK to continue.
- If malware was detected, click Show Results
- Select all (or leave everything checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
- Malwarebytes will open Notepad and copy the scan report into it.
- Go to the Logs tab
- Click it to display it.
- Once displayed, click Edit at the top of Notepad, then Select All
- Click Edit again, then Copy, come back to the forum and into your reply
- Right-click in the reply box and Paste

If you need help, look at this tutorial HERE
So, for srgo.exe

Fichier srgo.exe reçu le 2009.11.06 23:35:39 (UTC)
Situation actuelle: terminé
Résultat: 23/41 (56.10%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.11.06 Trojan.Win32.Inhoo!IK
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.06 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2009.11.05 -
Authentium 5.2.0.5 2009.11.06 -
Avast 4.8.1351.0 2009.11.06 Win32:Soolo
AVG 8.5.0.423 2009.11.06 PSW.OnlineGames3.UKI
BitDefender 7.2 2009.11.06 -
CAT-QuickHeal 10.00 2009.11.06 -
ClamAV 0.94.1 2009.11.06 -
Comodo 2866 2009.11.07 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.11.06 Trojan.PWS.Wsgame.12661
eSafe 7.0.17.0 2009.11.05 Win32.TRCrypt.ZPACK
eTrust-Vet 35.1.7108 2009.11.06 -
F-Prot 4.5.1.85 2009.11.06 -
F-Secure 9.0.15370.0 2009.11.04 -
Fortinet 3.120.0.0 2009.11.06 SPY/Magania
GData 19 2009.11.06 Win32:Soolo
Ikarus T3.1.1.74.0 2009.11.06 Trojan.Win32.Inhoo
Jiangmin 11.0.800 2009.11.06 -
K7AntiVirus 7.10.890 2009.11.06 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.11.06 Trojan-GameThief.Win32.Magania.clqc
McAfee 5794 2009.11.06 PWS-Mmorpg!hh
McAfee+Artemis 5794 2009.11.06 PWS-Mmorpg!hh
McAfee-GW-Edition 6.8.5 2009.11.06 Heuristic.LooksLike.Win32.SuspiciousPE.B
Microsoft 1.5202 2009.11.06 Worm:Win32/Taterf.B
NOD32 4580 2009.11.06 Win32/PSW.OnLineGames.NNU
Norman 6.03.02 2009.11.06 OnLineGames.KGCC
nProtect 2009.1.8.0 2009.11.06 -
Panda 10.0.2.2 2009.11.06 Generic Malware
PCTools 7.0.3.5 2009.11.06 -
Prevx 3.0 2009.11.07 -
Rising 21.54.44.00 2009.11.06 -
Sophos 4.47.0 2009.11.06 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.11.06 BehavesLike.Win32.Malware (v)
Symantec 1.4.4.12 2009.11.07 W32.Gammima.AG
TheHacker 6.5.0.2.063 2009.11.06 -
TrendMicro 9.0.0.1003 2009.11.06 -
VBA32 3.12.10.11 2009.11.06 -
ViRobot 2009.11.6.2025 2009.11.06 -
VirusBuster 4.6.5.0 2009.11.06 Worm.Autorun.ACTR
Information additionnelle
File size: 114304 bytes
MD5 : edabab132907e0ea2feeaf18da8ed259
SHA1 : e75b47b53ac0e5412a13a964cf626110bd80f3b6
SHA256: 1b21984d16076a1303b23db9b0324b08e53f53804da927c53299c6cb8aba2939
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10B3
timedatestamp.....: 0x4AE9205D (Thu Oct 29 05:55:57 2009)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1E000 0x6A6 7.85 8a2bc6390f385844e8d179e504e1c749
.data 0x1F000 0x1A000 0x19800 7.94 827d526df7af8af1275f171f46a63077
.rsrc 0x39000 0x2000 0x1470 0.80 c7b81e729fcc4be6eda3af4b6b7743b9
.reloc 0x3B000 0x1000 0x480 0.10 0b45ff197f15b4d03203660457422f53
gtsduwe 0x3C000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 1 imports )

> kernel32.dll: LoadLibraryA, GetStartupInfoA, IsBadReadPtr, GetModuleHandleA, GetCurrentProcessId, GetCommandLineA, GetCompressedFileSizeA, GetPrivateProfileSectionA, CreateDirectoryW, ExitProcess

( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 3072:pU/NyxrqsjJL6/U2gTxMDJWsO3vFtS8rymI2:pU8RqslW/UlTxMD/O3vOm
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=641B67C680D6356CBE3F01A2C6616300AF59F46A
PEiD : -
RDS : NSRL Reference Data Set
-
And this one is for xbvv0.exe!!
I'll do the rest and send the report!

Thanks!!!

Fichier F5476697611C45E5B6CD01A05598FD00450ACA0E.exe reçu le 2009.10.26 14:29:23 (UTC)
Situation actuelle: terminé
Résultat: 36/41 (87.80%)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.10.26 Worm.Win32.Taterf!IK
AhnLab-V3 5.0.0.2 2009.10.23 -
AntiVir 7.9.1.44 2009.10.26 TR/Crypt.ZPACK.Gen
Antiy-AVL 2.0.3.7 2009.10.26 Trojan/Win32.Magania.gen
Authentium 5.1.2.4 2009.10.26 -
Avast 4.8.1351.0 2009.10.25 Win32:Kamso
AVG 8.5.0.423 2009.10.26 SHeur2.BABN
BitDefender 7.2 2009.10.26 Trojan.PWS.OnlineGames.KCTX
CAT-QuickHeal 10.00 2009.10.26 TrojanGameThief.Magania.bzmw
ClamAV 0.94.1 2009.10.26 -
Comodo 2739 2009.10.26 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.0.12182 2009.10.26 Trojan.PWS.Wsgame.12661
eSafe 7.0.17.0 2009.10.25 Suspicious File
eTrust-Vet 35.1.7083 2009.10.26 Win32/Frethog.FOS
F-Prot 4.5.1.85 2009.10.25 W32/OnlineGames.CN.gen!Eldorado
F-Secure 9.0.15370.0 2009.10.22 Trojan.PWS.OnlineGames.KCTX
Fortinet 3.120.0.0 2009.10.26 SPY/Magania
GData 19 2009.10.26 Trojan.PWS.OnlineGames.KCTX
Ikarus T3.1.1.72.0 2009.10.26 Worm.Win32.Taterf
Jiangmin 11.0.800 2009.10.26 Trojan/PSW.Magania.ycj
K7AntiVirus 7.10.879 2009.10.24 Trojan-PSW.Win32.Magania.bzmw
Kaspersky 7.0.0.125 2009.10.26 Trojan-GameThief.Win32.Magania.bzmw
McAfee 5782 2009.10.25 Generic PWS.ak
McAfee+Artemis 5782 2009.10.25 Generic PWS.ak
McAfee-GW-Edition 6.8.5 2009.10.26 Heuristic.LooksLike.Win32.SuspiciousPE.B
Microsoft 1.5202 2009.10.26 Worm:Win32/Taterf.B
NOD32 4544 2009.10.26 a variant of Win32/Pacex.Gen
Norman 6.03.02 2009.10.23 OnLineGames.KGCC
nProtect 2009.1.8.0 2009.10.26 Trojan/W32.Agent.112225
Panda 10.0.2.2 2009.10.26 Generic Worm
PCTools 4.4.2.0 2009.10.19 -
Prevx 3.0 2009.10.26 -
Rising 21.53.04.00 2009.10.26 Packer.Win32.Nodef.c
Sophos 4.46.0 2009.10.26 Mal/EncPk-JS
Sunbelt 3.2.1858.2 2009.10.25 Worm.Win32.AutoRun
Symantec 1.4.4.12 2009.10.26 Trojan Horse
TheHacker 6.5.0.2.053 2009.10.24 Trojan/Magania.bzmw
TrendMicro 8.950.0.1094 2009.10.26 WORM_AUTORUN.FOM
VBA32 3.12.10.11 2009.10.23 Trojan-GameThief.Win32.Magania.bzmw
ViRobot 2009.10.26.2005 2009.10.26 Trojan.Win32.PSWMagania.112225
VirusBuster 4.6.5.0 2009.10.25 Trojan.PWS.Magania.SOX
Additional information
File size: 112225 bytes
MD5 : 963a0c9fc0b1c8c6a8bdfb746472c3a8
SHA1 : 2a5ebd0460673df4fa716278ffe880d287672e22
SHA256: 213be071c0d033acf00540f8f4ec7f0301281f3ebb4819fc5130963b378a17e2
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x36CD6
timedatestamp.....: 0x4A857A2B (Fri Aug 14 16:52:27 2009)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.code 0x1000 0x1D000 0x440 7.82 4e1b80303618a3ecc0bcb47e27b7d743
.data 0x1E000 0x1A000 0x19800 7.95 0f95fd77f621b2f34f25255f9abdb367
.rsrc 0x38000 0xBA78 0x1461 0.80 0abec3c659421a808ee3819d21d248cf
sfzmht 0x44000 0x39B4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 1 imports )

> kernel32.dll: LoadLibraryA, GetProcAddress, DuplicateConsoleHandle, EnumSystemCodePagesA, CopyFileExW, ExitProcess, FoldStringW, CreateFileMappingA, GetTapeParameters, IsBadReadPtr, GetDateFormatA, GetCurrentProcessId, FindClose

( 0 exports )
TrID : File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ThreatExpert: https://www.symantec.com?md5=963a0c9fc0b1c8c6a8bdfb746472c3a8
ssdeep: 1536:a/nk6TTZsywHen73MPv+tVPzJqE7pn2c5qzNwysan9khnRgAGLz0ET85N:mnBBvw+TMPWVoE78cYzlB9w8UA
Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=F5476697611C45E5B6CD01A05598FD00450ACA0E
PEiD : -
RDS : NSRL Reference Data Set
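A note on reading the two VirusTotal "PEInfo" blocks above, as an added example that is not part of this thread and not a VirusTotal tool: the "ntrpy" column is the Shannon entropy of each section's raw bytes (0.0 for constant data, 8.0 for uniformly random bytes), and the combination of a near-8.0 .text/.data section, a .text section whose raw size on disk is a tiny fraction of its virtual size, an oddly named section with zero raw bytes (its md5 is the md5 of empty input), and a ten-entry import table headed by LoadLibraryA is the usual signature of a packed binary that rebuilds its real code and imports at run time. The script below parses the section table and import line exactly as VirusTotal printed them (copied from the 114304-byte sample's report above), computes the same entropy figure for constructed byte strings, and applies those rules; the thresholds (7.0 bits, 8x size ratio, fewer than 20 imports) are this example's own choices.

```python
import math
import re
from dataclasses import dataclass

# Section names a stock linker emits; anything else deserves a second look.
COMMON_SECTION_NAMES = {
    ".text", ".code", ".data", ".rdata", ".rsrc", ".reloc", ".idata",
    ".edata", ".bss", ".tls", ".pdata", ".CRT", "CODE", "DATA", "BSS",
}
# MD5 of zero bytes: VirusTotal prints it for a section with no raw data at all.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"

# One row of the "( N sections )" table: name viradd virsiz rawdsiz ntrpy md5
SECTION_ROW = re.compile(
    r"^(?P<name>\S+)\s+0x(?P<va>[0-9A-Fa-f]+)\s+0x(?P<vsz>[0-9A-Fa-f]+)"
    r"\s+0x(?P<rsz>[0-9A-Fa-f]+)\s+(?P<ent>\d+\.\d+)\s+(?P<md5>[0-9a-f]{32})$"
)

# Section table and import line copied from the 114304-byte sample's report above.
SAMPLE_REPORT = """\
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1E000 0x6A6 7.85 8a2bc6390f385844e8d179e504e1c749
.data 0x1F000 0x1A000 0x19800 7.94 827d526df7af8af1275f171f46a63077
.rsrc 0x39000 0x2000 0x1470 0.80 c7b81e729fcc4be6eda3af4b6b7743b9
.reloc 0x3B000 0x1000 0x480 0.10 0b45ff197f15b4d03203660457422f53
gtsduwe 0x3C000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

( 1 imports )

> kernel32.dll: LoadLibraryA, GetStartupInfoA, IsBadReadPtr, GetModuleHandleA, GetCurrentProcessId, GetCommandLineA, GetCompressedFileSizeA, GetPrivateProfileSectionA, CreateDirectoryW, ExitProcess
"""


@dataclass
class Section:
    name: str
    virtual_addr: int
    virtual_size: int
    raw_size: int
    entropy: float
    md5: str


def parse_sections(report: str) -> list[Section]:
    """Pull the section rows out of a VirusTotal PEInfo text block."""
    out = []
    for line in report.splitlines():
        m = SECTION_ROW.match(line.strip())
        if m:
            out.append(Section(m["name"], int(m["va"], 16), int(m["vsz"], 16),
                               int(m["rsz"], 16), float(m["ent"]), m["md5"]))
    return out


def parse_imports(report: str) -> list[str]:
    """Collect every imported symbol from '> dll.dll: A, B, C' lines."""
    names = []
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("> ") and ":" in line:
            names.extend(s.strip() for s in line.split(":", 1)[1].split(","))
    return [n for n in names if n]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform bytes.
    This is the figure VirusTotal prints in the ntrpy column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def packer_indicators(sections: list[Section], imports: list[str]) -> list[str]:
    """The rules an analyst applies by eye; thresholds are this example's own."""
    findings = []
    for s in sections:
        if s.raw_size and s.entropy >= 7.0:
            findings.append(f"{s.name}: entropy {s.entropy:.2f}, compressed or encrypted data")
        if s.raw_size == 0 and s.virtual_size > 0:
            note = " (md5 is that of empty input)" if s.md5 == EMPTY_MD5 else ""
            findings.append(f"{s.name}: 0 bytes on disk, {s.virtual_size:#x} in memory{note}; "
                            "room for unpacked code")
        if s.raw_size and s.virtual_size > 8 * s.raw_size:
            findings.append(f"{s.name}: virtual size {s.virtual_size:#x} is over 8x raw size "
                            f"{s.raw_size:#x}; code is written there at run time")
        if s.name not in COMMON_SECTION_NAMES:
            findings.append(f"{s.name}: non-standard section name")
    if imports and len(imports) < 20 and "LoadLibraryA" in imports:
        findings.append(f"only {len(imports)} imports including LoadLibraryA: "
                        "the real API set is resolved at run time")
    return findings


def triage(report: str) -> list[str]:
    return packer_indicators(parse_sections(report), parse_imports(report))


if __name__ == "__main__":
    print(f"entropy of 64 zero bytes: {shannon_entropy(bytes(64)):.2f}")
    print(f"entropy of each byte value once: {shannon_entropy(bytes(range(256))):.2f}")
    for finding in triage(SAMPLE_REPORT):
        print("-", finding)
```

Run against the sample above it flags .text (entropy and size ratio), .data (entropy), the empty gtsduwe section (twice) and the import table, six findings in all; the 112225-byte report's sfzmht section and its LoadLibraryA/GetProcAddress pair trip the same rules.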
BeFaX (Contributor)
7 Nov 2009, 17:25
I don't get it, how do you manage to have so many infected files without noticing lol.
crapoulou (Moderator, security contributor)
7 Nov 2009, 17:31
Indeed, that's impressive for a USB infection!
Anonymous user
7 Nov 2009, 19:48
hi:

omission?

C:\srgo.exe
C:\xbvv0.exe
crapoulou (Moderator, security contributor)
7 Nov 2009, 20:11
Seen and passed on:
http://lyonnais92.aceboard.fr/246694-11215-10779-6-Feed-back-pour-USBFix.htm
I'm waiting for a reply from Chiquitine, and for the MBAM report before a possible MBAM upload.
Jean Ba > crapoulou (Moderator, security contributor)
7 Nov 2009, 22:00
I didn't understand everything you said lol
Anyway, I ran Malwarebytes, it found nothing.

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 2

07/11/2009 21:14:57
mbam-log-2009-11-07 (21-14-57).txt

Scan type: Full Scan (C:\|D:\|G:\|W:\|)
Objects scanned: 224536
Time elapsed: 2 hour(s), 6 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Anonymous user
7 Nov 2009, 20:36
sorry, hadn't seen it...;)
crapoulou (Moderator, security contributor)
7 Nov 2009, 23:57
"I didn't understand everything you said lol"

Don't worry ;-).

******

To help the developers of anti-infection tools, it would be good if you did this please:

Go to this address:
http://uploads.malwarebytes.org/
And submit these two files so they can update their tool:

C:\srgo.exe
C:\xbvv0.exe


(File 1 => Browse => Select the file).
(File 2 => Browse => Select the file).
("Upload").

Do the same on this link:
https://www.avira.com/
(Do it for both files).

Thanks for your cooperation.
Once that's done, confirm it to me and... :

*********

For a deeper analysis of your PC:
Download Random's System Information Tool (RSIT) by random/random and save the executable to the Desktop.
= = = = >>> By clicking here <<< = = = =

* Double-click RSIT.exe to launch it.
* A first window opens; click Continue (Disclaimer).
* If the latest version of HijackThis is not detected on your PC, RSIT will download it and ask you to accept the licence.
* When the analysis is finished, two text files will open (probably in Notepad).
* Post the contents of log.txt.
Here's the upload of the 2 executables done, I'm doing the rest now.

UploadNET™
Thank you! The file srgo.exe has been uploaded!
Thank you! The file xbvv0.exe has been uploaded!

***********************************
***********************************

Suspicious Files and Miscellaneous Uploads

Thank you for your submission. Below you can see the current status of the uploaded files.

A listing of files alongside their results can be found below:
File ID Filename Size (Byte) Result
25491659 srgo.exe 111.63 KB MALWARE

Please find a detailed report concerning each individual sample below:
Filename Result
srgo.exe MALWARE

The file 'srgo.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Crypt.ZPACK.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.This malware is detected by a special detection routine from the engine module.

************************************
************************************

Suspicious Files and Miscellaneous Uploads

Thank you for your submission. Below you can see the current status of the uploaded files.

A listing of files alongside their results can be found below:
File ID Filename Size (Byte) Result
25491662 xbvv0.exe 109.59 KB MALWARE


Please find a detailed report concerning each individual sample below:
Filename Result
xbvv0.exe MALWARE

The file 'xbvv0.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Crypt.ZPACK.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.This malware is detected by a special detection routine from the engine module.
And here's the RSIT log.txt!
Thanks!!

Logfile of random's system information tool 1.06 (written by random/random)
Run by abouchou at 2009-11-08 09:25:45
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (8%) free of 30 GB
Total RAM: 3063 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:26:14, on 08/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Citrix\Client ICA\pnagent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ROMServ.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IPSec Client\LucentIKESvc.exe
C:\Program Files\IPSec Client\LucentIKE.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\IPSec Client\trayicon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\teraterm\ttpmenu.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\CCM\SMSCliUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\abouchou.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1220945662-796845957-725345543-165416\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-796845957-725345543-174554\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-796845957-725345543-181162\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-796845957-725345543-6702\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1220945662-796845957-725345543-74524\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1625056843-1249732546-1221738049-13666\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1625056843-1249732546-1221738049-1397\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1625056843-1249732546-1221738049-3928\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Collector.lnk = C:\Program Files\teraterm\Collector\Collector.exe
O4 - Startup: TeraTerm Menu.lnk = C:\Program Files\teraterm\ttpmenu.exe
O4 - Global Startup: Agent Program Neighborhood.lnk = C:\Program Files\Citrix\Client ICA\pnagent.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: iLO 2 Remote Console Applet - https://172.17.128.226/dvc.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CBCF8AB4-8A12-4A8A-A22D-36480B41DC78} (eDataInstall ActiveX control, Version 4.0) - http://coopnet.multimedia-conference.orange-business.com/...
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList =
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: lfmsdy.dll c:\windows\system32\rotawapo.dll c:\windows\system32\fogiguzu.dll c:\windows\system32\fesorega.dll c:\windows\system32\zodetego.dll c:\windows\system32\wahayaga.dll c:\windows\system32\nutowuko.dll c:\windows\system32\vetajume.dll c:\windows\system32\gofizesa.dll c:\windows\system32\buyetuza.dll c:\windows\system32\hadezabi.dll c:\windows\system32\yozezuna.dll c:\windows\system32\ravebavi.dll c:\windows\system32\mohafilu.dll c:\windows\system32\lehuguwe.dll c:\windows\system32\ruyutave.dll c:\windows\system32\vuwupajo.dll c:\windows\system32\sujegaru.dll c:\windows\system32\fuweyofa.dll c:\windows\system32\dimisawo.dll c:\windows\system32\dafanole.dll c:\windows\system32\janifedu.dll c:\windows\system32\pisefire.dll c:\windows\system32\yutobayu.dll c:\windows\system32\gehufidu.dll c:\windows\system32\dutudari.dll c:\windows\system32\goralaro.dll c:\windows\system32\yesileya.dll c:\windows\system32\lebenesa.dll c:\windows\system32\movoyari.dll c:\windows\system32\hilemebu.dll c:\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yejedotu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yejedotu.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EEPROM Service Module (EEPROMService) - Unknown owner - C:\WINDOWS\system32\ROMServ.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LucentIKE - Unknown owner - C:\Program Files\IPSec Client\LucentIKESvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\ORACLE\ora81\BIN\ONRSD.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
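The lines that matter in the RSIT/HijackThis log above are O20, O21 and O22: AppInit_DLLs is loaded into every process that maps user32.dll, so a list of several dozen DLLs with eight-letter consonant/vowel names is high-signal on its own, and the same CLSID registered under both ShellServiceObjectDelayLoad (O21) and SharedTaskScheduler (O22), pointing at a DLL that is already "file missing", is a dangling Explorer load point that still wants removing (MBAM's later report quarantines exactly that CLSID). Below is an added triage script, not part of the thread and not HijackThis code, that runs those checks over an excerpt of the log above (the AppInit list shortened to five entries, two benign O2/O4 lines kept to show they are not flagged). The "eight lowercase letters alternating consonant/vowel" test is this example's own heuristic, chosen because every name in the O20 list has that shape.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the RSIT/HijackThis log above (AppInit list shortened to five
# entries); two benign lines included to show they are not flagged.
SAMPLE_LOG = r"""
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O20 - AppInit_DLLs: lfmsdy.dll c:\windows\system32\rotawapo.dll c:\windows\system32\fogiguzu.dll c:\windows\system32\fesorega.dll c:\windows\system32\zodetego.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yejedotu.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yejedotu.dll (file missing)
"""

APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
SHELLOBJ_RE = re.compile(
    r"^(?P<kind>O21 - SSODL|O22 - SharedTaskScheduler): .*? - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
VOWELS = set("aeiou")


def looks_generated(stem: str) -> bool:
    """Eight lowercase letters alternating consonant/vowel, the shape of every
    name in the O20 list above (rotawapo, fogiguzu, ...). Heuristic chosen for
    this example, not a published rule."""
    return (len(stem) == 8 and stem.isalpha() and stem.islower()
            and all((c in VOWELS) == (i % 2 == 1) for i, c in enumerate(stem)))


def parse_appinit(log: str) -> list[str]:
    """Entries of the AppInit_DLLs value, one per whitespace-separated token.
    Tokens that do not end in .dll (for example a truncated tail) are dropped."""
    for line in log.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m:
            return [t for t in m["dlls"].split() if t.lower().endswith(".dll")]
    return []


def parse_shell_objects(log: str) -> list[dict]:
    """O21 (ShellServiceObjectDelayLoad) and O22 (SharedTaskScheduler) lines:
    both are COM objects Explorer loads at logon, keyed by CLSID."""
    objs = []
    for line in log.splitlines():
        m = SHELLOBJ_RE.match(line.strip())
        if m:
            objs.append({"kind": m["kind"], "clsid": m["clsid"].upper(),
                         "path": m["path"], "missing": m["missing"] is not None})
    return objs


def shared_clsids(objs: list[dict]) -> set[str]:
    """CLSIDs registered under more than one load point."""
    seen: dict[str, set[str]] = {}
    for o in objs:
        seen.setdefault(o["clsid"], set()).add(o["kind"])
    return {c for c, kinds in seen.items() if len(kinds) > 1}


def triage(log: str) -> list[str]:
    findings = []
    dlls = parse_appinit(log)
    if dlls:
        findings.append(f"O20: AppInit_DLLs lists {len(dlls)} DLL(s); each is loaded "
                        "into every process that maps user32.dll")
        bare = [d for d in dlls if str(PureWindowsPath(d).parent) == "."]
        if bare:
            findings.append(f"O20: no directory for {', '.join(bare)}; resolved "
                            "through the DLL search path")
        gen = [PureWindowsPath(d).stem for d in dlls
               if looks_generated(PureWindowsPath(d).stem)]
        if gen:
            findings.append(f"O20: {len(gen)} of {len(dlls)} names look "
                            "machine-generated: " + ", ".join(gen))
    objs = parse_shell_objects(log)
    for o in objs:
        tail = " (file missing: dangling registration, still worth removing)" if o["missing"] else ""
        findings.append(f"{o['kind']}: {{{o['clsid']}}} -> {o['path']}{tail}")
    for clsid in sorted(shared_clsids(objs)):
        findings.append(f"CLSID {{{clsid}}} is registered under both O21 and O22: "
                        "the same component gets two chances to load at logon")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

On the excerpt this yields six findings: the AppInit count, the bare lfmsdy.dll entry (no path, so it is found wherever the loader's search order finds it first), four generated-looking names, the two shell-object registrations and the CLSID they share. The benign BHO and Run lines produce nothing.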
crapoulou (Moderator, security contributor)
8 Nov 2009, 10:51
Perfect.
Let's check whether MBAM removes them...

********

Malwarebytes' Anti-Malware 1.28
Database version: 1134


MBAM wasn't up to date at all!

Update it (you should have at least this in the Update tab:
Database version: 3123)

Run a full scan of the PC again.
OK, with an up-to-date version it found lots of stuff!!!!

Malwarebytes' Anti-Malware 1.41
Database version: 3123
Windows 5.1.2600 Service Pack 2

08/11/2009 16:59:07
mbam-log-2009-11-08 (16-59-07).txt

Scan type: Full Scan (C:\|D:\|G:\|W:\|)
Objects scanned: 358394
Time elapsed: 2 hour(s), 8 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 198

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\NOD32KVBIT (Trojan.Frethog) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\srgo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\xbvv0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\MyWebFaceSetup2.3.50.53.GRfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000002.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000098.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000099.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000102.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000115.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000150.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000154.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000155.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000156.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000157.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\0fkk02x.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\10nb.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\2o1ajagt.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\3c.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\3n8awsyg.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\3yalgc.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\86.exe.UsbFix (Trojan.GameThief) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\9b9w3.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\o9bxu.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\ph.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\qbr2q.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\qcod.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\r2g20.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\rg9g9bgq.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\9jyhdim8.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\b.bat.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\bycfht.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\cj3k.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\ctu8r.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\dogyx90.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\f9o8o.exe.UsbFix (Worm.Taterf) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\g8k.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\hx.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\i0yva6.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\kgji.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\lcw.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\lhh3v.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\m.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\m1eqos3.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\mjafm.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\mranjm.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\mt2.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\mwfubaob.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\t2hjo0.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\t8s2x.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\vlvtdflx.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\wcgswa.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\wrsf.exe.UsbFix (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\y8.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\ewqij.bat.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\kgji.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\0fkk02x.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\10nb.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\2o1ajagt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\3c.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\3yalgc.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\86.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
C:\quarantine\C_\9jyhdim8.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\b.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\bycfht.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\cj3k.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\ctu8r.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\dogyx90.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\ewqij.bat (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\f9o8o.exe (Worm.Taterf) -> Quarantined and deleted successfully.
C:\quarantine\C_\g8k.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\hx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\i0yva6.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\lcw.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\lhh3v.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\m.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\m1eqos3.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\mjafm.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\mranjm.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\mt2.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\o9bxu.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\ph.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\qcod.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\r2g20.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\rg9g9bgq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\t2hjo0.exe (Worm.Taterf) -> Quarantined and deleted successfully.
C:\quarantine\C_\t8s2x.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\Documents and Settings\Administrateur\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\Documents and Settings\Administrateur\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP2\A0001595.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP2\A0001609.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP2\A0002112.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP3\A0002187.exe (Worm.Taterf) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP3\A0002243.exe (Worm.Taterf) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP3\A0002424.exe (Worm.Taterf) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP3\A0002466.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP4\A0002551.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP4\A0003457.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP4\A0004457.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP4\A0004571.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\desoyahi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kuvamugu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zayiveva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cvasds0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cvasds2.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\srgo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\xbvv0.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000003.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000158.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000159.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000161.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000162.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000163.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000164.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000165.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000166.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000167.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000168.bat (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000170.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000171.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000172.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000173.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000175.bat (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000176.exe (Worm.Taterf) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000177.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000178.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000179.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000180.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000181.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000183.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000184.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000185.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000186.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000187.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000188.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000189.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000190.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000193.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000194.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000195.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000197.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000198.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000199.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000202.exe (Worm.Taterf) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000203.exe (Worm.Magania) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000207.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000209.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000210.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000211.exe (Worm.Magania) -> Quarantined and deleted successfully.
G:\srgo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP71\A0020851.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP72\A0021215.exe (Worm.Magania) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP75\A0021790.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP75\A0021791.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP75\A0021847.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP75\A0021896.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP75\A0021937.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP76\A0021943.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP76\A0023059.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP77\A0023320.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP83\A0025634.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP83\A0025635.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP84\A0025857.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP2\A0003255.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP2\A0004212.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP4\A0003459.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP4\A0004546.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP7\A0006176.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP7\A0006256.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP7\A0006273.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP7\A0006274.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP12\A0007073.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP12\A0007101.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP16\A0012243.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0001189.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0001210.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0001217.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0003174.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0003193.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0003194.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0003239.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000069.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000212.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000214.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000215.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000216.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000218.bat (Worm.Magania) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000219.exe (Worm.Taterf) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000222.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000223.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000226.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000227.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000228.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000230.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000232.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000234.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\System Volume Information\_restore{8AF7C6E6-3BAB-4831-87F9-C7BB96AFFF28}\RP1\A0000235.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
W:\srgo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
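The log above is long, but most of its entries are not live infections: they are copies of the same droppers sitting in System Restore points (`System Volume Information\_restore...`) or in the quarantine folders of tools run earlier (`C:\UsbFix\Quarantine`, `C:\quarantine`). The handful of live items are the three Vundo DLLs in system32, the `cvasds*.dll`/`herss.exe` files in `C:\WINDOWS\Temp`, and the `srgo.exe`/`xbvv0.exe` droppers at the root of drives D:, G: and W:, which is the layout an autorun.inf worm leaves on removable media. As an added example that is not part of the thread, the Python below parses Malwarebytes log lines and sorts them into those buckets; the bucketing rules are my own heuristic, and the sample lines are copied from the log above (with the restore-point GUID shortened to `{...}`).

```python
"""Triage a Malwarebytes' Anti-Malware removal log (added example, not from the thread).

Each log line has the form:  <path> (<family>) -> <action>
Detections are grouped by *where* the file sat, so restore-point copies and
files already in another tool's quarantine are not mistaken for live infections.
"""
import re
from collections import Counter

LINE_RE = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")

# Sample lines copied from the log above; the restore-point GUID is shortened
# to "{...}", which the bucket rules below do not depend on.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{...}\RP1\A0000157.exe (Worm.Magania) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\10nb.exe.UsbFix (Worm.Magania) -> Quarantined and deleted successfully.
C:\quarantine\C_\86.exe (Trojan.GameThief) -> Quarantined and deleted successfully.
C:\quarantine\C_\System Volume Information\_restore{...}\RP2\A0001595.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\desoyahi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
D:\srgo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\srgo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
"""

# Folders where an earlier tool (UsbFix, a previous cleaner) had already parked the file.
QUARANTINE_DIRS = ("\\usbfix\\quarantine\\", "c:\\quarantine\\")


def bucket(path: str) -> str:
    """Classify one detected path by its location (heuristic, my own rules)."""
    p = path.lower()
    if any(q in p for q in QUARANTINE_DIRS):
        return "already quarantined by an earlier tool"
    if "\\system volume information\\_restore" in p:
        return "System Restore point copy"
    if "\\windows\\system32\\" in p and p.endswith(".dll"):
        return "live: DLL in system32"
    if "\\temp\\" in p:
        return "live: temp directory"
    # A file directly at the root of a non-system drive is the classic
    # autorun.inf dropper layout used by USB-spread worms.
    if not p.startswith("c:") and p.count("\\") == 1:
        return "live: root of a secondary/removable drive"
    return "live: other"


def parse_line(line: str):
    """Split one log line into (path, family, action); None if it is not a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("path"), m.group("family"), m.group("action")


def triage(log_text: str) -> dict:
    """Count detections per bucket and per family; list the live paths."""
    buckets, families, live = Counter(), Counter(), []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, family, _action = parsed
        b = bucket(path)
        buckets[b] += 1
        families[family] += 1
        if b.startswith("live:"):
            live.append((path, family))
    return {"buckets": buckets, "families": families, "live": live}


def report(log_text: str) -> str:
    """Human-readable summary of triage()."""
    t = triage(log_text)
    lines = ["Detections by location:"]
    lines += [f"  {n:4d}  {name}" for name, n in t["buckets"].most_common()]
    lines.append("Detections by family:")
    lines += [f"  {n:4d}  {name}" for name, n in t["families"].most_common()]
    lines.append("Live paths to re-check on the next scan:")
    lines += [f"  {path}  [{family}]" for path, family in t["live"]]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it on the full log (`report(open("mbam-log.txt", encoding="utf-8", errors="replace").read())`) and the "live" list is what to verify after the next reboot; the restore-point entries disappear for good only once System Restore is turned off and back on, which is why cleaners keep re-detecting them.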
Anonymous user
8 Nov 2009 at 17:37
Hi

Definitely ^^
crapoulou (Moderator, security contributor)
8 Nov 2009 at 18:09
I'm going to ask you a few things so I don't delete your personal files.

Do you know these files?

C:\WINDOWS\tasks\cucokafe.job
C:\WINDOWS\tasks\eyoxfmhv.job
C:\WINDOWS\tasks\rkmmwpyb.job


*******

What do these files contain?
C:\WINDOWS\system32\nhm_server_trace.txt
C:\MyVat.txt
C:\ptdebug.txt
C:\FRRENN0X00671-secu.txt
C:\JBSEQ.TXT
C:\appliid.txt

*******

You have virtual machines?! What for?
Actually it's my work PC, so it was given to me already configured with some things I don't necessarily know about. If there's any doubt about a file, since the PC isn't mine, I'd rather not delete it. I need to be able to work tomorrow lol

As for virtual machines, I had to use VMware for work, but normally I haven't used it for at least a year.
crapoulou (Moderator, security contributor)
8 Nov 2009 at 18:57
OK.

Tell me the contents of the text files, please.
If you want, upload them here and give me the URL so I can look at them:
http://cijoint.fr/

******

Go here:
C:\WINDOWS\Tasks
Right-click each of the following files > Properties:

C:\WINDOWS\tasks\cucokafe.job
C:\WINDOWS\tasks\eyoxfmhv.job
C:\WINDOWS\tasks\rkmmwpyb.job

And tell me what is written in the "Start in" field of each file's properties, please.
So:

C:\WINDOWS\system32\nhm_server_trace.txt => empty file
C:\ptdebug.txt => I can't open it, I get "ptdebug is being used by another application and won't open"
C:\FRRENN0X00671-secu.txt => that one I know, it's a file describing the PC (my last name, first name, username, domain name, IP, etc.)
C:\JBSEQ.TXT => I know that one too, it's an output file from a program I use at work
C:\appliid.txt => empty file

The file C:\MyVat.txt gives this (I removed a few things I wasn't sure should appear publicly, but roughly it's this lol):

[EEPROM]
Running=Entered Run...
File=Extracted File...: C:\WINDOWS\TEMP\wmirom.exe
Start=Started Program
Enter=Started Timer...
Done=Not Time to Run the EEPROM Tool...20
TOOL=Failed To Extract EEPROM Tool... : C:\WINDOWS\TEMP\wmirom.exe
[GetIP]
[szTWOITSerial]
TAG=
[ERRORS]
ERROR=EEPROM read failed
[RegisteredUser]
[SQL]
[VAT]
[EXCEPTION]
EXCEPTION=Expiration du délai
Violation of PRIMARY KEY constraint 'PK_T_RegisterAssets'. Cannot insert duplicate key in object 'T_RegisterAssets'.
Violation of PRIMARY KEY constraint 'PK_T_RegisterAssets'. Cannot insert duplicate key in object 'T_RegisterAssets'.
Violation of PRIMARY KEY constraint 'PK_T_RegisterAssets'. Cannot insert duplicate key in object 'T_RegisterAssets'.
Violation of PRIMARY KEY constraint 'PK_T_RegisterAssets'. Cannot insert duplicate key in object 'T_RegisterAssets'.
Violation of PRIMARY KEY constraint 'PK_T_RegisterAssets'. Cannot insert duplicate key in object 'T_RegisterAssets'.
Violation of PRIMARY KEY constraint 'PK_T_RegisterAssets'. Cannot insert duplicate key in object 'T_RegisterAssets'.

For the .job files, there's nothing in "Start in"

Thanks!!
crapoulou (Moderator, security contributor)
8 Nov 2009 at 20:50
Delete the empty txt files.

***

For the .job files, what is in "Run" then (also in Properties)?

Scan this file:
C:\WINDOWS\TEMP\wmirom.exe

here:
https://www.virustotal.com/gui/

Post me the report (if the file has already been analysed, have it re-analysed please).

****If you can't find it, try this:*******

Show hidden files and folders as well as system files:
- My Documents
- Tools
- Folder Options
- "View" tab
- Check "Show hidden files and folders"
- Uncheck "Hide protected operating system files (recommended)"

Now see whether you can find it...
So in Run, I have this:

C:\WINDOWS\tasks\cucokafe.job => C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\iifdaaXp.dll",d
C:\WINDOWS\tasks\eyoxfmhv.job => C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\hgGwtrsT.dll",d
C:\WINDOWS\tasks\rkmmwpyb.job => C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\geBqNecD.dll",d

Otherwise, even with hidden files and operating-system-protected files displayed, I can't find C:\WINDOWS\TEMP\wmirom.exe

Thanks
Bye
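The three "Run" values above share one shape: rundll32.exe pointed at a DLL with a random eight-letter name in system32, called through a one-letter export, with "Start in" empty. That is the scheduled-task persistence of the Vundo family that Malwarebytes already flagged under system32 earlier in the thread, and the two bare rundll32.exe entries in the process list of the RSIT report below are what those tasks look like while running. As an added example that is not part of the thread, the Python below reads .job files directly instead of clicking through Properties: the on-disk layout it assumes is the MS-TSCH .JOB format (68-byte FIXDLEN_DATA header whose field at offset 0x14 gives the offset of the Application Name, then length-prefixed UTF-16LE strings for Application Name, Parameters, Working Directory, Author, Comment), and it applies the pattern above as a heuristic. The `ok`/`review`/`suspicious` verdicts are my own labels, and `build_job` and the sample blobs are constructed so the parser can be exercised without the original files.

```python
"""Parse Windows .job scheduled-task files and flag rundll32 loaders (added example).

Layout assumed from the MS-TSCH .JOB specification: a 68-byte fixed header
(FIXDLEN_DATA) whose 16-bit field at offset 0x14 holds the offset of the
Application Name, followed by length-prefixed UTF-16LE strings in this order:
Application Name, Parameters, Working Directory ("Start in"), Author, Comment.
Triggers are not parsed here.
"""
import re
import struct
from pathlib import Path

FIXED_LEN = 0x44              # size of FIXDLEN_DATA
APP_NAME_OFFSET_FIELD = 0x14  # header field holding the Application Name offset


def _read_ustr(buf: bytes, off: int):
    """Read one .job string: 2-byte char count (incl. NUL) then UTF-16LE text."""
    (nchars,) = struct.unpack_from("<H", buf, off)
    off += 2
    if nchars == 0:
        return "", off
    raw = buf[off:off + nchars * 2]
    if len(raw) != nchars * 2:
        raise ValueError("truncated string in .job variable section")
    return raw.decode("utf-16-le").rstrip("\x00"), off + nchars * 2


def parse_job(buf: bytes) -> dict:
    """Return the Run (application + parameters) and Start in fields of a .job blob."""
    if len(buf) < FIXED_LEN + 2:
        raise ValueError("too short to be a .job file")
    (off,) = struct.unpack_from("<H", buf, APP_NAME_OFFSET_FIELD)
    fields = {}
    for name in ("application", "parameters", "working_dir", "author", "comment"):
        fields[name], off = _read_ustr(buf, off)
    return fields


# Shape of the three tasks reported in the thread:
#   rundll32.exe "C:\WINDOWS\system32\<eight letters>.dll",<one-letter export>
RUNDLL_ARGS = re.compile(r'^"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>\S+)$', re.I)


def classify(job: dict) -> str:
    """Heuristic verdict (my own rule, not from the thread): ok / review / suspicious."""
    exe = job["application"].lower().rsplit("\\", 1)[-1]
    if exe != "rundll32.exe":
        return "ok"
    m = RUNDLL_ARGS.match(job["parameters"].strip())
    if not m:
        return "review"  # rundll32 with unusual arguments: inspect by hand
    dll, entry = m.group("dll"), m.group("entry")
    stem = dll.rsplit("\\", 1)[-1][:-4]
    random_name = re.fullmatch(r"[A-Za-z]{8}", stem) is not None
    if "\\system32\\" in dll.lower() and random_name and len(entry) == 1:
        return "suspicious"
    return "review"


def build_job(application: str, parameters: str, working_dir: str = "",
              author: str = "", comment: str = "") -> bytes:
    """Assemble a minimal trigger-less .job blob (constructed, for exercising the parser)."""
    def ustr(s: str) -> bytes:
        if not s:
            return struct.pack("<H", 0)
        return struct.pack("<H", len(s) + 1) + (s + "\x00").encode("utf-16-le")
    var = struct.pack("<H", 0)  # running instance count
    var += b"".join(ustr(s) for s in (application, parameters, working_dir, author, comment))
    var += struct.pack("<HH", 0, 0)  # empty user data and reserved data
    trigger_off = FIXED_LEN + len(var)
    var += struct.pack("<H", 0)  # trigger count
    fixed = struct.pack("<HH16sHHHHHHIIIII16s",
                        0x0500, 1, b"\x00" * 16,     # product/file version, job UUID
                        FIXED_LEN + 2, trigger_off,  # app-name length offset, trigger offset
                        0, 0, 0, 0,                  # retry count/interval, idle deadline/wait
                        0, 0, 0, 0, 0,               # priority, max run time, exit code, status, flags
                        b"\x00" * 16)                # last run time (SYSTEMTIME)
    return fixed + var


def scan_tasks(directory) -> list:
    """Parse every *.job in a directory (the Windows Tasks folder) -> (name, verdict, command)."""
    out = []
    for p in sorted(Path(directory).glob("*.job")):
        try:
            job = parse_job(p.read_bytes())
        except (ValueError, struct.error, UnicodeDecodeError) as exc:
            out.append((p.name, "unparseable", str(exc)))
            continue
        out.append((p.name, classify(job), f'{job["application"]} {job["parameters"]}'.strip()))
    return out


if __name__ == "__main__":
    # The three Run lines from the thread, rebuilt as .job blobs (Start in left empty).
    for name, dll in (("cucokafe.job", "iifdaaXp"), ("eyoxfmhv.job", "hgGwtrsT"), ("rkmmwpyb.job", "geBqNecD")):
        blob = build_job(r"C:\WINDOWS\system32\rundll32.exe", r'"C:\WINDOWS\system32\%s.dll",d' % dll)
        job = parse_job(blob)
        print(f'{name}: {classify(job):10s} Run={job["application"]} {job["parameters"]} Start in={job["working_dir"]!r}')
```

On the affected machine, `scan_tasks(r"C:\WINDOWS\Tasks")` (run with the drive mounted read-only or from a copy of the folder) gives one line per task; a legitimate rundll32 task such as `advapi32.dll,ProcessIdleTasks` lands in `review` rather than `suspicious` because the DLL is not a random-named file under system32, which keeps the heuristic from flagging normal Windows housekeeping.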
crapoulou (Moderator, security contributor)
9 Nov 2009 at 16:41
OK.
Delete the 3 .job files and C:\MyVat.txt

Before going further, give me a status report on the PC: problems encountered, improvements, changes?

*****

Post a new RSIT report, please.
OK, I deleted the jobs.
However, as soon as I delete the MyVat.txt file, it is immediately recreated with this content:

[EEPROM]
Done=Executed EEPROM Tool...79

As for the general behaviour of the PC, I'd say it's good, once it's on lol... because it takes me a good 20 minutes to get it started properly. Either after Windows starts, a blue window with some writing appears very briefly and disappears right away, then the PC restarts, or the Windows login page appears with a HUGE screen resolution. At first I thought it was surely related to my virus problems, but it must be something else..

Here's the new RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by abouchou at 2009-11-09 21:26:22
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 2 GB (8%) free of 30 GB
Total RAM: 3063 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:44, on 09/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ngvpnmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Citrix\Client ICA\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Citrix\Client ICA\pnagent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IPSec Client\trayicon.exe
C:\Program Files\teraterm\ttpmenu.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ROMServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireTray.exe
C:\Program Files\IPSec Client\LucentIKESvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\IPSec Client\LucentIKE.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\CCM\SMSCliUI.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\FileZilla Client\filezilla.exe
C:\Program Files\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\abouchou.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Collector.lnk = C:\Program Files\teraterm\Collector\Collector.exe
O4 - Startup: TeraTerm Menu.lnk = C:\Program Files\teraterm\ttpmenu.exe
O4 - Global Startup: Agent Program Neighborhood.lnk = C:\Program Files\Citrix\Client ICA\pnagent.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: iLO 2 Remote Console Applet - https://172.17.128.226/dvc.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CBCF8AB4-8A12-4A8A-A22D-36480B41DC78} (eDataInstall ActiveX control, Version 4.0) - http://coopnet.multimedia-conference.orange-business.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: lfmsdy.dll c:\windows\system32\rotawapo.dll c:\windows\system32\fogiguzu.dll c:\windows\system32\fesorega.dll c:\windows\system32\zodetego.dll c:\windows\system32\wahayaga.dll c:\windows\system32\nutowuko.dll c:\windows\system32\vetajume.dll c:\windows\system32\gofizesa.dll c:\windows\system32\buyetuza.dll c:\windows\system32\hadezabi.dll c:\windows\system32\yozezuna.dll c:\windows\system32\ravebavi.dll c:\windows\system32\mohafilu.dll c:\windows\system32\lehuguwe.dll c:\windows\system32\ruyutave.dll c:\windows\system32\vuwupajo.dll c:\windows\system32\sujegaru.dll c:\windows\system32\fuweyofa.dll c:\windows\system32\dimisawo.dll c:\windows\system32\dafanole.dll c:\windows\system32\janifedu.dll c:\windows\system32\pisefire.dll c:\windows\system32\yutobayu.dll c:\windows\system32\gehufidu.dll c:\windows\system32\dutudari.dll c:\windows\system32\goralaro.dll c:\windows\system32\yesileya.dll c:\windows\system32\lebenesa.dll c:\windows\system32\movoyari.dll c:\windows\system32\hilemebu.dll c:\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EEPROM Service Module (EEPROMService) - Unknown owner - C:\WINDOWS\system32\ROMServ.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LucentIKE - Unknown owner - C:\Program Files\IPSec Client\LucentIKESvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\ORACLE\ora81\BIN\ONRSD.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
0
crapoulou (Moderator, security contributor) - 9 Nov. 2009 at 23:34
Delete these files manually, then delete them from the Recycle Bin as well:

C:\WINDOWS\DUMP5999.tmp
C:\WINDOWS\DUMP5d52.tmp
C:\WINDOWS\DUMP69c6.tmp
C:\WINDOWS\DUMPc265.tmp
C:\WINDOWS\system32\pibujudo.dll

********

Run HijackThis again.
It is located here:
C:\Program Files\Trend Micro\HijackThis\abouchou.exe

Click on "Do a system scan only".
Tick these lines:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O20 - AppInit_DLLs: lfmsdy.dll c:\windows\system32\rotawapo.dll c:\windows\system32\fogiguzu.dll c:\windows\system32\fesorega.dll c:\windows\system32\zodetego.dll c:\windows\system32\wahayaga.dll c:\windows\system32\nutowuko.dll c:\windows\system32\vetaju

Then click on "Fix checked".
Close HijackThis.

******

Post a new RSIT report.

To avoid cluttering the thread, please host it on ci-joint:
http://cijoint.fr/
Then send the URL.
0
OK, I deleted the DUMP files and removed them from the Recycle Bin.
However, I cannot find pibujudo.dll, not even with hidden files shown.

Otherwise, you will find the RSIT report here: http://www.cijoint.fr/cjlink.php?file=cj200911/cijEiPYqfO.txt
0
crapoulou (Moderator, security contributor) - 10 Nov. 2009 at 16:26
Check:

To remove the service under XP:
Click Start, then Run.
Type this in the small window that opens:
cmd
In the black window that appears, type this:
sc stop mchInjDrv
Then press Enter.
sc delete mchInjDrv
Then press Enter again.
Please tell me what was displayed in the console.
Then close the black window.
0
Apparently the service is not recognised...

C:\>sc stop mchInjDrv
[SC] OpenService FAILED 1060:

Le service spécifié n'existe pas en tant que service installé.
0
Here is the OTM report:
Thanks
++

All processes killed
Error: Unable to interpret <:Procédure:> in the current context!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"notification packages"|hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00 /E : value set successfully!
========== SERVICES/DRIVERS ==========
No service named mchInjDrv was found to stop!
Unable to stop service mchInjDrv!
========== COMMANDS ==========

[EMPTYTEMP]

User:
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User:
->Temp folder emptied: 415251797 bytes
->Temporary Internet Files folder emptied: 176933349 bytes
->Java cache emptied: 44444114 bytes
->FireFox cache emptied: 43637721 bytes

User:
->Temp folder emptied: 2906 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Administrateur
->Temp folder emptied: 6267545 bytes
->Temporary Internet Files folder emptied: 5919454 bytes
->Java cache emptied: 67334312 bytes
->FireFox cache emptied: 9519065 bytes

User: All Users

User: chbranch
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 2921563 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: jeanmian
->Temp folder emptied: 6134009 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 696922 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 879813 bytes

User: scorroye
->Temp folder emptied: 3001 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: ssiefert
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: ylaniess
->Temp folder emptied: 50432 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: ztadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2213241 bytes
%systemroot%\System32 .tmp files removed: 10669902 bytes
Windows Temp folder emptied: -881624083 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1371195793 bytes

Total Files Cleaned = 1223,39 mb


OTM by OldTimer - Version 3.1.1.0 log created on 11122009_003624

Files moved on Reboot...

Registry entries deleted on Reboot...
0
Hi!

The RSIT report is here: http://www.cijoint.fr/cjlink.php?file=cj200911/cijOM6bmzo.txt

Thanks
@++
JB
0
crapoulou (Moderator, security contributor) - 10 Nov. 2009 at 17:33
OK.
I suspected as much; that was a "check".

*********

/!\ Procedure reserved for Jean Ba. Do not attempt to reproduce it if you have a similar problem, or you risk crashing your machine /!\
Download OTM (by Old_Timer) to your Desktop.
= = = = >>> Click here <<< = = = =
Once it is on the Desktop, double-click OTMoveIt.exe to launch it.
Make sure the box "Unregister Dll's and Ocx's" is ticked.
Copy the list shown in bold below and paste it into the left-hand pane of OTMoveIt:
Paste Instructions for Items to be moved.

:Procédure:

:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00

:Services
mchInjDrv

:Commands
[purity]
[emptytemp]


Click MoveIt! to start the removal.
After running MoveIt!, a window appears:
"The system requires a reboot to finish removing files. Do you want to reboot now ?"
Answer Yes.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
0
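Two of the items handled in this thread, the O20 AppInit_DLLs line from the HijackThis log and the `"notification packages"=hex(7):...` value in the OTM :reg block, are easy to misread in their raw form. The added Python example below (not part of the thread, HijackThis or OTM) decodes the hex(7) REG_MULTI_SZ value to show what the fix writes back, and triages the AppInit_DLLs entries with a consonant/vowel-alternation heuristic taken from the file names seen in this log; it assumes the Windows XP default of a single `scecli` notification package.

```python
import re
from typing import Iterable

# Constructed sample inputs, copied from this thread's log and OTM script
# (the O20 line is shortened to its first few entries).
HJT_O20_LINE = (
    "O20 - AppInit_DLLs: lfmsdy.dll c:\\windows\\system32\\rotawapo.dll "
    "c:\\windows\\system32\\fogiguzu.dll c:\\windows\\system32\\fesorega.dll"
)
NOTIFICATION_PACKAGES_HEX = "73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00"

# Assumed XP default for Lsa\Notification Packages: just scecli. The OTM
# :reg block in the thread resets the value to exactly that.
EXPECTED_NOTIFICATION_PACKAGES = ("scecli",)

# Consonant/vowel alternation seen in the eight-letter names in this log
# (rotawapo, fogiguzu, fesorega, pibujudo ...): a heuristic, not a signature.
_CVCV8 = re.compile(r"^(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}$")


def decode_reg_multi_sz(hex7: str) -> list[str]:
    """Decode a .reg 'hex(7):' payload (REG_MULTI_SZ: UTF-16LE strings,
    NUL-separated, terminated by a double NUL) into a list of strings."""
    raw = bytes(int(b, 16) for b in hex7.split(",") if b.strip())
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def unexpected_notification_packages(hex7: str) -> list[str]:
    """Return LSA notification packages outside the expected set. An extra
    entry is a DLL that lsass.exe loads and calls on every password change."""
    return [p for p in decode_reg_multi_sz(hex7)
            if p.lower() not in EXPECTED_NOTIFICATION_PACKAGES]


def parse_appinit_dlls(o20_line: str) -> list[str]:
    """Split a HijackThis O20 line into its DLL entries (space/comma separated)."""
    prefix = "O20 - AppInit_DLLs:"
    if not o20_line.startswith(prefix):
        raise ValueError("not an O20 AppInit_DLLs line")
    return [e for e in re.split(r"[\s,]+", o20_line[len(prefix):]) if e]


def looks_generated(dll: str) -> bool:
    """Heuristic: the basename is eight alternating consonant/vowel letters."""
    stem = dll.replace("\\", "/").rsplit("/", 1)[-1].lower().removesuffix(".dll")
    return bool(_CVCV8.match(stem))


def triage_appinit(o20_line: str, allowlist: Iterable[str] = ()) -> dict[str, list[str]]:
    """Classify every AppInit_DLLs entry. A clean XP install has an empty
    AppInit_DLLs value, so anything not allow-listed deserves review."""
    allowed = {a.lower() for a in allowlist}
    result: dict[str, list[str]] = {"allowed": [], "generated_name": [], "review": []}
    for entry in parse_appinit_dlls(o20_line):
        if entry.lower() in allowed:
            result["allowed"].append(entry)
        elif looks_generated(entry):
            result["generated_name"].append(entry)
        else:
            result["review"].append(entry)
    return result


if __name__ == "__main__":
    print(decode_reg_multi_sz(NOTIFICATION_PACKAGES_HEX))   # ['scecli']
    print(triage_appinit(HJT_O20_LINE))
```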