Which virus is infecting me
valy67
did71 - Posts: 2187 - Status: Security contributor
Hello,
I have had a big problem with my computer for more than 2 months: it is extremely slow, and on top of that I get disconnected with the error message "Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly" (even when I am logged in in safe mode with networking).
Here are two scan reports I made recently:
1- AVG Anti-Spyware and
2- HijackThis
I can't take it anymore because I can no longer work on my machine!!
Who can help me???
Thanks, valy67
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:00:24 05/02/2007
+ Résultat de l'analyse:
C:\Program Files\PeDevice\PeDev.dll -> Adware.Delfin : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\eoo.dll -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\awtsspp.dll -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
C:\SDFix\backups\backups.zip/backups/winIogon.exe -> Backdoor.Agobot.aix : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\csrs.exe -> Backdoor.Agobot.aix : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\kebnjjga.exe -> Backdoor.Agobot.aix : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\logon.exe -> Backdoor.Agobot.aix : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\winamp.exe -> Backdoor.IRCBot.yb : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\spooIsv.exe -> Backdoor.PoeBot.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\winIogon.exe -> Backdoor.PoeBot.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\dtx.exe -> Backdoor.Rbot : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\oan.exe -> Backdoor.Rbot : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\uwu.exe -> Backdoor.Rbot : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\zku.exe -> Backdoor.Rbot : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DGTT9BHD\blanko[1].exe -> Backdoor.Sdbot : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FVD5HWLW\blanko[1].exe -> Backdoor.SdBot.aad : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UVQU4WCV\blanko[1].exe -> Backdoor.SdBot.bca : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZXH8XWG3\blanko[1].exe -> Backdoor.SdBot.bca : Nettoyé et sauvegardé (mise en quarantaine).
C:\SDFix\backups_old1\backups.zip/backups/snchost.exe -> Backdoor.SdBot.bcm : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\fez.exe -> Backdoor.SdBot.bdi : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\ktg.exe -> Backdoor.SdBot.bdi : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wimanp.exe -> Backdoor.SdBot.bdk : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\regdll.exe -> Backdoor.SdBot.bdu : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\ibn.exe -> Backdoor.SdBot.bdu : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\kvd.exe -> Backdoor.SdBot.bdu : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\pvz.exe -> Backdoor.SdBot.bdu : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\uwt.exe -> Backdoor.SdBot.bdu : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\gsy.exe -> Backdoor.VanBot.ar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DGTT9BHD\ba[1].exe -> Backdoor.Wisdoor.v : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\kamxz.exe -> Backdoor.Wisdoor.v : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FVD5HWLW\fr[1].exe -> Dialer.Agent.b : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZXH8XWG3\fr[1].exe -> Dialer.Agent.b : Nettoyé et sauvegardé (mise en quarantaine).
C:\j1zth.exe -> Dialer.Agent.b : Nettoyé et sauvegardé (mise en quarantaine).
C:\w2e7r4p2v4.exe -> Dialer.Agent.b : Nettoyé et sauvegardé (mise en quarantaine).
C:\w2e7r4p2v4p2.exe -> Dialer.Agent.b : Nettoyé et sauvegardé (mise en quarantaine).
C:\x3a9o7s6w9.exe -> Dialer.Agent.b : Nettoyé et sauvegardé (mise en quarantaine).
C:\x3a9o7s6w9y3.exe -> Dialer.Agent.b : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\ctfmon32.dll -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Tiphaine\Cookies\tiphaine@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Tiphaine\Cookies\tiphaine@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Tiphaine\Cookies\tiphaine@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Tiphaine\Cookies\tiphaine@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Tiphaine\Cookies\tiphaine@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Tiphaine\Cookies\tiphaine@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Tiphaine\Cookies\tiphaine@as1.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
C:\Documents and Settings\Tiphaine\Cookies\tiphaine@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Tiphaine\Cookies\tiphaine@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Tiphaine\Cookies\tiphaine@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZXH8XWG3\runtime[1].exe -> Trojan.Agent.abl : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\rsy32.exe -> Trojan.Agent.abl : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\rsy32.exe -> Trojan.Agent.abl : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Trojan.Agent.acl : Nettoyé et sauvegardé (mise en quarantaine).
C:\SDFix\backups_old1\backups.zip/backups/msnmsgr.exe -> Trojan.Agent.ncg : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\fsh.exe -> Trojan.Agent.ncg : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\luc.exe -> Trojan.Agent.ncg : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\swt.exe -> Trojan.Agent.ncg : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\xfr.exe -> Trojan.Agent.ncg : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\xga.exe -> Trojan.Agent.ncg : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\jado.exe -> Trojan.FwBypass.a : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\bafyv.exe -> Trojan.Lineage.aeh : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\nxsycujp.exe -> Trojan.Lineage.aeh : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\uqyxlc.exe -> Trojan.Lineage.aeh : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\wintsvit.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
and here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 22:02:59, on 05/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\lqdrnihe.dll",setvm
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tiphainepeter.spaces.live.c [...] 10,0,912,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{72BB3395-B8F0-403D-B4E8-D6DE3EB23FEA}: NameServer = 212.95.66.1,212.95.66.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LSA Shell Export-Version - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Register DLL Driver - Unknown owner - C:\WINDOWS\regdll.exe (file missing)
O23 - Service: Windows Terminal Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
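A triage sketch for the HijackThis log above, added here as an example and not part of the original thread: it flags process, autostart (O4) and service (O23) paths whose file name imitates a core Windows binary (the AVG report above quarantined `winIogon.exe` and `spooIsv.exe`, spelled with a capital I) or that carry a core binary's name in an unexpected folder. The table of expected folders and all function names are assumptions of this example, valid for a default Windows XP install in C:\WINDOWS.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
# Assumption of this example: default folders on a Windows XP install in C:\WINDOWS.
# Paths written with 8.3 short names (PROGRA~1) are not expanded and would be misjudged.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}

# A drive-letter path ending in .exe, with or without surrounding quotes.
PATH_RE = re.compile(r'(?<![A-Za-z])[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe\b', re.I)
# HijackThis entry prefix such as "O4 - " or "O23 - "; process lines have none.
SECTION_RE = re.compile(r"([A-Z]\d+) - ")

# Lines copied from the HijackThis logs on this page.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O23 - Service: LSA Shell Export-Version - Unknown owner - C:\WINDOWS\lsass.exe
"""


def one_edit_apart(a, b):
    """True when a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substitution
    return a[i:] == b[i + 1:]           # one extra character in b


def lookalike_of(name):
    """Return the core binary that `name` imitates, or None if it imitates none."""
    lower = name.lower()
    if lower in EXPECTED_DIR:
        return None  # exact name: judged by its folder instead
    # Undo common visual swaps (capital I for l, 1 for l, 0 for o) before comparing.
    skeleton = name.replace("I", "l").replace("1", "l").replace("0", "o").lower()
    if skeleton in EXPECTED_DIR:
        return skeleton
    for known in EXPECTED_DIR:
        if one_edit_apart(lower, known):
            return known
    return None


def triage(log_text):
    """Return (section, path, kind, reference) tuples for suspicious .exe paths."""
    findings = []
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        section = m.group(1) if m else "process"
        for path in PATH_RE.findall(line):
            name = ntpath.basename(path)
            folder = ntpath.dirname(path).lower()
            imitated = lookalike_of(name)
            if imitated:
                findings.append((section, path, "lookalike", imitated))
            elif EXPECTED_DIR.get(name.lower(), folder) != folder:
                findings.append((section, path, "wrong-dir", EXPECTED_DIR[name.lower()]))
    return findings


if __name__ == "__main__":
    for section, path, kind, reference in triage(SAMPLE_LOG):
        print(f"{section:8} {kind:10} {path}  (reference: {reference})")
```

A flagged entry is a lead to verify (file signature, scanner verdict), not proof of infection.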
30 replies
Good evening valy67,
no wonder your PC is crawling!
heavily infected!
let's get started!
1) Download this
http://www.outerinfo.com/OiUninstaller.exe
Save it to the Desktop.
Check whether you have these programs in Add/Remove Programs. Uninstall them if present.
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or other similar ones with Oin or Outerinfo in the name
Zolero
Tizzletalk
MediaTickets
Cowabanga
Run OiUninstaller.exe
Enter the code that appears.
Click Uninstall.
Then click OK.
Restart normally.
2) Download VundoFix.exe (by Atribune) to your Desktop:
http://www.atribune.org/public-beta/VundoFix.exe
* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are removed
* You will see a prompt announcing that your PC is going to restart; click OK
* Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
See you
Thanks for your help.
I did the steps, and here are the 2 reports
vundoFix V6.3.5
Checking Java version...
Sun Java not detected
Scan started at 21:58:06 09/02/2007
Listing files found while scanning....
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\System32\cbxyw.dll
C:\WINDOWS\system32\ehinrdql.ini
C:\WINDOWS\system32\hpftbvxy.dll
C:\WINDOWS\system32\ldcoovix.exe
C:\WINDOWS\system32\lqdrnihe.dll
C:\WINDOWS\System32\qdwfuuud.dll
C:\WINDOWS\system32\wqqnllci.dll
C:\WINDOWS\system32\wratfrlx.exe
C:\WINDOWS\System32\wyxbc.bak1
C:\WINDOWS\System32\wyxbc.bak2
C:\WINDOWS\System32\wyxbc.ini
Beginning removal...
Attempting to delete C:\WINDOWS\System32\cbxyw.dll
C:\WINDOWS\System32\cbxyw.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ehinrdql.ini
C:\WINDOWS\system32\ehinrdql.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\hpftbvxy.dll
C:\WINDOWS\system32\hpftbvxy.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ldcoovix.exe
C:\WINDOWS\system32\ldcoovix.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\lqdrnihe.dll
C:\WINDOWS\system32\lqdrnihe.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\qdwfuuud.dll
C:\WINDOWS\System32\qdwfuuud.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wqqnllci.dll
C:\WINDOWS\system32\wqqnllci.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\wratfrlx.exe
C:\WINDOWS\system32\wratfrlx.exe Has been deleted!
Attempting to delete C:\WINDOWS\System32\wyxbc.bak1
C:\WINDOWS\System32\wyxbc.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\wyxbc.bak2
C:\WINDOWS\System32\wyxbc.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\wyxbc.ini
C:\WINDOWS\System32\wyxbc.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\System32\cbxyw.dll
C:\WINDOWS\System32\cbxyw.dll Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 22:15:37, on 09/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5703BA45-0AA0-525A-A19C-01D5FC55B5CC} - C:\WINDOWS\System32\bqbttis.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {69E042EA-77B9-4ACF-970C-D1702A822792} - C:\WINDOWS\System32\cbxyw.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\qdwfuuud.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {942A5F4A-EDAF-E153-FFE9-E6FB8E622991} - C:\WINDOWS\System32\eoo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C99B~1\Bar888.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C99B~1\Bar888.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tiphainepeter.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{72BB3395-B8F0-403D-B4E8-D6DE3EB23FEA}: NameServer = 212.95.66.1,212.95.66.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000144 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LSA Shell Export-Version - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Register DLL Driver - Unknown owner - C:\WINDOWS\regdll.exe (file missing)
O23 - Service: Windows Messenger - Unknown owner - C:\WINDOWS\msnmsgr.exe (file missing)
O23 - Service: Windows Terminal Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
Hi again,
* Run VundoFix again
* Do not click "Scan for a vundo"
* Right-click in the middle of the window
* Click Add more files ?
* Copy/paste the files below (one per box):
C:\WINDOWS\System32\cbxyw.dll
* Click Add files
* Then click Close Windows
* Finally, click Remove Vundo (the files above should appear in the main window)
* If the tool asks for a restart, accept
* Post the VundoFix report, along with a new HijackThis log
See you
And here is the result
Beginning removal...
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 22:47:52, on 09/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5703BA45-0AA0-525A-A19C-01D5FC55B5CC} - C:\WINDOWS\System32\bqbttis.dll (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {69E042EA-77B9-4ACF-970C-D1702A822792} - C:\WINDOWS\System32\cbxyw.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\qdwfuuud.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {942A5F4A-EDAF-E153-FFE9-E6FB8E622991} - C:\WINDOWS\System32\eoo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C99B~1\Bar888.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C99B~1\Bar888.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tiphainepeter.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{72BB3395-B8F0-403D-B4E8-D6DE3EB23FEA}: NameServer = 212.95.66.1,212.95.66.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000144 (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LSA Shell Export-Version - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Register DLL Driver - Unknown owner - C:\WINDOWS\regdll.exe (file missing)
O23 - Service: Windows Messenger - Unknown owner - C:\WINDOWS\msnmsgr.exe (file missing)
O23 - Service: Windows Terminal Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
Good evening,
1) Run HijackThis again, tick the lines listed below and click Fix checked (with all IE windows closed):
O2 - BHO: (no name) - {5703BA45-0AA0-525A-A19C-01D5FC55B5CC} - C:\WINDOWS\System32\bqbttis.dll (file missing)
O2 - BHO: (no name) - {69E042EA-77B9-4ACF-970C-D1702A822792} - C:\WINDOWS\System32\cbxyw.dll (file missing)
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\qdwfuuud.dll (file missing)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C99B~1\Bar888.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{3C99B~1\Bar888.dll
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000144 (file missing)
O23 - Service: LSA Shell Export-Version - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Register DLL Driver - Unknown owner - C:\WINDOWS\regdll.exe (file missing)
O23 - Service: Windows Messenger - Unknown owner - C:\WINDOWS\msnmsgr.exe (file missing)
O23 - Service: Windows Terminal Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
2) Find and delete the files/folders in bold below:
C:\WINDOWS\System32\firewall.exe
C:\WINDOWS\System32\svchosts.exe BE VERY CAREFUL, IT IS SVCHOSTS AND NOT SVCHOST
C:\WINDOWS\lsass.exe
C:\WINDOWS\regdll.exe
C:\WINDOWS\msnmsgr.exe
C:\WINDOWS\system32\vcmon.exe
3) Download clean.zip
http://www2.malekal.com/download/clean.zip
Unzip it onto your desktop (right-click / extract all); you should get a folder named clean.
Open the Clean folder on your desktop.
Double-click clean.cmd.
A black window will appear; choose option 1.
Post the report located at C:\rapport_clean.txt
4) Post a new HijackThis log!
See you
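
The warning above that the file is SVCHOSTS and not SVCHOST can be turned into an automated check. The following Python code is an added example, not part of the original thread or of HijackThis: it pulls .exe paths out of log lines copied from this thread and flags names within two edits of a Windows system binary, or a system binary running from an unexpected directory. The KNOWN_SYSTEM allow-list, the MAX_EDITS threshold and all function names are assumptions made for the example.

```python
import ntpath
import re

# Windows XP system binaries and the single directory each normally runs from.
# Assumption for this example: a short allow-list, not a complete inventory.
SYSTEM32 = r"c:\windows\system32"
KNOWN_SYSTEM = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}
MAX_EDITS = 2  # assumed threshold: how close a name must be to count as a lookalike

# First .exe path on a line, whatever HijackThis prefix or trailing text surrounds it.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe', re.IGNORECASE)

# Lines copied from the HijackThis and clean.cmd logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000144 (file missing)
O23 - Service: LSA Shell Export-Version - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
C:\WINDOWS\system32\csrs.exe FOUND
C:\WINDOWS\system32\lssas.exe FOUND
C:\WINDOWS\system32\spoolsvc.exe FOUND
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute or match
        prev = cur
    return prev[-1]


def classify(path):
    """Return None for an unremarkable path, else (kind, imitated_system_binary)."""
    directory, name = ntpath.split(path.lower())
    if name in KNOWN_SYSTEM:
        # Exact system name: only suspicious when it runs from the wrong place.
        if directory != KNOWN_SYSTEM[name]:
            return ("wrong-directory", name)
        return None
    stem = name[:-4]  # drop ".exe"
    closest = min(KNOWN_SYSTEM, key=lambda real: edit_distance(stem, real[:-4]))
    if edit_distance(stem, closest[:-4]) <= MAX_EDITS:
        return ("lookalike", closest)
    return None


def scan(log_text):
    """Map each flagged path (lower-cased, de-duplicated) to its verdict."""
    findings = {}
    for line in log_text.splitlines():
        match = EXE_PATH.search(line)
        if not match:
            continue
        verdict = classify(match.group(0))
        if verdict:
            findings.setdefault(match.group(0).lower(), verdict)
    return findings


if __name__ == "__main__":
    for path, (kind, real) in scan(SAMPLE_LOG).items():
        print(f"{kind:16} {path}  (imitates {real})")
```

C:\WINDOWS\System32\firewall.exe, also on the fix list above, is not flagged: its name imitates no system binary, so a name check is only one signal alongside the Run-key and service entries.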
Thanks for your help. Here are the 2 reports:
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 11/02/2007 a 21:45:33,16
*** Recherche de fichiers sur C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\csrs.exe FOUND
C:\WINDOWS\system32\i FOUND
C:\WINDOWS\system32\logon.exe FOUND
C:\WINDOWS\system32\lssas.exe FOUND
C:\WINDOWS\system32\nfomon\ FOUND
C:\WINDOWS\system32\spoolsvc.exe FOUND
C:\WINDOWS\system32\starter.exe FOUND
C:\WINDOWS\system32\vidmon\vidmon.exe FOUND
C:\WINDOWS\system32\winamp.exe FOUND
C:\WINDOWS\system32\wintsvit.exe FOUND
"C:\Program Files\Fichiers communs\Yazzle????OinAdmin.exe" FOUND
C:\WINDOWS\MANTEC~1\ FOUND
C:\WINDOWS\WNSXS~1\ FOUND
"C:\Program Files\dialware\" FOUND
"C:\Program Files\InetGet2\" FOUND
"C:\Program Files\Outerinfo" FOUND
"C:\Program Files\PeDevice\" FOUND
"C:\Program Files\VSAdd-in\" FOUND
*** Fin du rapport !
Logfile of HijackThis v1.99.1
Scan saved at 21:39:10, on 11/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {942A5F4A-EDAF-E153-FFE9-E6FB8E622991} - C:\WINDOWS\System32\eoo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FA744E7E-F892-AD69-CB3A-FBBADA4717C1} - C:\WINDOWS\System32\rss.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
O4 - HKLM\..\Run: [Services] C:\WINDOWS\System32\wimanp.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\System32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [vidmon] C:\WINDOWS\System32\vidmon\vidmon.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tiphainepeter.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{72BB3395-B8F0-403D-B4E8-D6DE3EB23FEA}: NameServer = 212.95.66.1,212.95.66.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
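The helper's warning that the file to delete is svchosts.exe and not svchost.exe is one case of a check that can be run over a whole report: names that imitate Windows system binaries. The following Python is an added example, not part of the thread or of HijackThis; it scans report lines copied from the logs in this thread, and its function names, its table of expected folders (a default Windows XP install in C:\WINDOWS is assumed) and the extra `1`/`0` look-alike characters are assumptions that go beyond the capital-I case seen here.

```python
import ntpath  # Windows path handling that works on any OS
import re

# Expected folder of each system binary. Assumption: default Windows XP
# install in C:\WINDOWS; extend the table for the binaries you care about.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Characters that render like another one in many fonts (capital I for l, etc.).
HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "0": "o"})

# First drive-letter path ending in .exe on a report line (quoted or not).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)


def osa_distance(a, b):
    """Edit distance counting an adjacent swap (lssas/lsass) as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = ca != cb
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(path):
    """Return (verdict, impersonated_name), or None if nothing looks off."""
    name = ntpath.basename(path)
    folder = ntpath.dirname(path).lower()
    lower = name.lower()
    if lower in KNOWN:  # right name: only the folder can be wrong
        return None if folder == KNOWN[lower] else ("wrong-directory", lower)
    folded = name.translate(HOMOGLYPHS).lower()
    if folded in KNOWN:  # e.g. spooIsv.exe written with a capital I
        return ("homoglyph", folded)
    for known in KNOWN:  # one letter added, dropped, changed or swapped
        if osa_distance(lower, known) <= 1:
            return ("typo", known)
    return None


def triage(report):
    """Flag every report line whose executable imitates a system binary."""
    findings = []
    for line in report.splitlines():
        match = PATH_RE.search(line)
        if match:
            verdict = classify(match.group(0))
            if verdict:
                findings.append((match.group(0),) + verdict)
    return findings


# Lines copied from the HijackThis and clean.cmd reports posted in this thread.
SAMPLE = r'''
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e mc-110-12-0000144 (file missing)
O23 - Service: LSA Shell Export-Version - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\WINDOWS\system32\lssas.exe FOUND
'''

if __name__ == "__main__":
    for path, verdict, target in triage(SAMPLE):
        print(f"{verdict:16} imitates {target:13} {path}")
```

Paths written as 8.3 short names (PROGRA~1) are compared as written, so the folder check only applies to fully spelled-out paths.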
Hi again,
1) Download this
http://www.outerinfo.com/OiUninstaller.exe
Save it to the Desktop.
Check whether you have these programs in Add/Remove Programs. Uninstall them if present.
Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or other similar ones with Oin or Outerinfo in the name
Zolero
Tizzletalk
MediaTickets
Cowabanga
Run OiUninstaller.exe
Enter the code that appears.
Click Uninstall.
Then click OK.
Restart normally.
2) Run cleanzip again,
This time choose option 2!
Then post the report
3) Download Blacklight (from F-Secure) and save it to your Desktop:
https://europe.f-secure.com/exclude/blacklight/index.shtml
Double-click blbeta.exe and accept the license; click Scan, then Next
You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
Copy and paste the contents of this report into your next reply!
See you later
Done. Here are the reports, and I'm adding a HijackThis one run in normal mode.
02/11/07 22:36:10 [Info]: BlackLight Engine 1.0.55 initialized
02/11/07 22:36:10 [Info]: OS: 5.1 build 2600 (Service Pack 1)
02/11/07 22:36:10 [Note]: 7019 4
02/11/07 22:36:10 [Note]: 7005 0
02/11/07 22:36:15 [Note]: 7006 0
02/11/07 22:36:15 [Note]: 7011 1164
02/11/07 22:36:16 [Note]: 7026 0
02/11/07 22:36:16 [Note]: 7026 0
02/11/07 22:36:44 [Note]: FSRAW library version 1.7.1021
02/11/07 22:41:21 [Note]: 2000 1012
02/11/07 22:57:57 [Note]: 7007 0
Script execute en mode normal
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 11/02/2007 a 22:34:19,19
Microsoft Windows XP [version 5.1.2600]
*** Suppression de fichiers sur C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\i
tentative de suppression de C:\WINDOWS\system32\lssas.exe
tentative de suppression de C:\WINDOWS\system32\nfomon\
tentative de suppression de C:\WINDOWS\system32\spoolsvc.exe
tentative de suppression de C:\WINDOWS\system32\starter.exe
tentative de suppression de "C:\Program Files\Fichiers communs\Yazzle????OinAdmin.exe"
tentative de suppression de C:\WINDOWS\MANTEC~1\
tentative de suppression de C:\WINDOWS\WNSXS~1\
tentative de suppression de "C:\Program Files\dialware\"
tentative de suppression de "C:\Program Files\InetGet2\"
tentative de suppression de "C:\Program Files\PeDevice\"
tentative de suppression de "C:\Program Files\VSAdd-in\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Logfile of HijackThis v1.99.1
Scan saved at 22:59:56, on 11/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {942A5F4A-EDAF-E153-FFE9-E6FB8E622991} - C:\WINDOWS\System32\eoo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FA744E7E-F892-AD69-CB3A-FBBADA4717C1} - C:\WINDOWS\System32\rss.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tiphainepeter.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{72BB3395-B8F0-403D-B4E8-D6DE3EB23FEA}: NameServer = 212.95.66.1,212.95.66.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
Hi again,
Perfect!
Let's keep going!
Download SDFix (created by AndyManchesta) and save it to your Desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
Restart your computer
After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
Instead of Windows loading normally, a menu with various options should appear.
Choose the first option, to run Windows in Safe Mode, then press "Enter".
Choose your account.
Work through the list of instructions below:
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!
See you later
And here are the 2 reports
SDFix: Version 1.62
15/02/2007 - 21:41:45,81
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
Register DLL Driver
Windows Messenger
Path:
"C:\WINDOWS\regdll.exe"
"C:\WINDOWS\msnmsgr.exe"
Register DLL Driver Deleted
Windows Messenger Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
C:\WINDOWS\system32\Microsoft\backup.ftp Found...
C:\WINDOWS\system32\Microsoft\backup.tftp Found...
Checking files:
Genuine:
Dummy:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
Dummy:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Rebooting...
Normal Mode:
Checking Files:
Files will be copied to Backups folder and removed:
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
Alternate Streams Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes :
C:\NTDETECT.COM
C:\Program Files\Fichiers communs\Yazzle1658OinUninstaller.exe
C:\QooBox\Purity\WINDOWS\SSEMBL~1\wucrtupd.exe
C:\WINDOWS\system32\atou.exe
C:\WINDOWS\system32\bcmdxgsg.exe
C:\WINDOWS\system32\buceooi.exe
C:\WINDOWS\system32\ccuvgbr.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\cjgzoqn.exe
C:\WINDOWS\system32\cqwpveuw.exe
C:\WINDOWS\system32\dhuzavxb.exe
C:\WINDOWS\system32\eour.exe
C:\WINDOWS\system32\ffphkbr.exe
C:\WINDOWS\system32\hgsxcrgq.exe
C:\WINDOWS\system32\iwugku.exe
C:\WINDOWS\system32\iylzra.exe
C:\WINDOWS\system32\jhxyqlsz.exe
C:\WINDOWS\system32\kjxda.exe
C:\WINDOWS\system32\logonui.exe.manifest
C:\WINDOWS\system32\lsilupi.exe
C:\WINDOWS\system32\mztw.exe
C:\WINDOWS\system32\ncgzkw.exe
C:\WINDOWS\system32\nwfvs.exe
C:\WINDOWS\system32\oibe.exe
C:\WINDOWS\system32\oyhvuq.exe
C:\WINDOWS\system32\pkmyh.exe
C:\WINDOWS\system32\plsrwyi.exe
C:\WINDOWS\system32\puiviaju.exe
C:\WINDOWS\system32\qtgmm.exe
C:\WINDOWS\system32\rrbglg.exe
C:\WINDOWS\system32\udctpnyq.exe
C:\WINDOWS\system32\uuir.exe
C:\WINDOWS\system32\uxjcws.exe
C:\WINDOWS\system32\vuwwg.exe
C:\WINDOWS\system32\xcaqezvg.exe
C:\WINDOWS\system32\xhzjhaa.exe
C:\WINDOWS\system32\xlfz.exe
C:\WINDOWS\system32\xmlct.exe
C:\WINDOWS\system32\zmfk.exe
C:\WINDOWS\system32\zumgso.exe
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\Valérie\Application Data\Microsoft\Word\~WRL0002.tmp
C:\Documents and Settings\Valérie\Application Data\Microsoft\Word\~WRL0257.tmp
C:\Documents and Settings\Valérie\Application Data\Microsoft\Word\~WRL0734.tmp
C:\Documents and Settings\Valérie\Application Data\Microsoft\Word\~WRL1040.tmp
C:\Documents and Settings\Valérie\Application Data\Microsoft\Word\~WRL1394.tmp
C:\Documents and Settings\Valérie\Application Data\Microsoft\Word\~WRL3910.tmp
C:\Documents and Settings\Valérie\Application Data\Microsoft\Word\~WRL4036.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2002 2003\ateliers\ateliers apres midi\fevrier 2003\~WRL0001.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2002 2003\ateliers\ateliers apres midi\fevrier 2003\~WRL0003.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2002 2003\ateliers\ateliers apres midi\fevrier 2003\~WRL0005.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2002 2003\ateliers\ateliers matin\DECEMBRE 2002\~WRL0004.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2002 2003\ateliers\ateliers matin\DECEMBRE 2002\~WRL2714.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\~WRL0004.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\2006 2007\ateliers\octobre\~WRL0520.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\ateliers\octobre\~WRL0520.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\cahier journal\decembre\~WRL0386.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\cahier journal\decembre\~WRL2218.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\cahier journal\janvier\~WRL0001.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\cahier journal\janvier\~WRL1983.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\SAUTER LANCER\~WRL0376.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\SAUTER LANCER\~WRL0458.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\SAUTER LANCER\~WRL0803.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\SAUTER LANCER\~WRL1629.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\SAUTER LANCER\~WRL1926.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\SAUTER LANCER\~WRL2174.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\2006 2007\SAUTER LANCER\~WRL3273.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\albums\chaperon rouge\lecture moyens chape\lecture moyens chape\~WRL0553.tmp
C:\Documents and Settings\Valérie\Mes documents\ecole\math\~WRL0693.tmp
C:\Documents and Settings\Valérie\Mes documents\recettes\map\~WRL2689.tmp
C:\WINDOWS\system32\config\system.tmp.LOG
Finished
Logfile of HijackThis v1.99.1
Scan saved at 22:35:29, on 15/02/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTSvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.sfr.fr/offres-numericable.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {942A5F4A-EDAF-E153-FFE9-E6FB8E622991} - C:\WINDOWS\System32\eoo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FA744E7E-F892-AD69-CB3A-FBBADA4717C1} - C:\WINDOWS\System32\rss.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://tiphainepeter.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{72BB3395-B8F0-403D-B4E8-D6DE3EB23FEA}: NameServer = 212.95.66.1,212.95.66.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
In normal mode, my computer is still just as slow!!
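A triage pass over the HijackThis log in the post above, as an added example that is not part of the original thread: it cross-checks every "(file missing)" entry against the Running processes section, separating targets that are demonstrably present (the flag comes from the stray quote and argument in the reported path) from targets with no sign of life, which are candidates for orphaned registry entries. The function names and verdict labels are this example's own.

```python
import re

# Excerpt of the HijackThis log posted above (a subset of its lines, unmodified).
LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {942A5F4A-EDAF-E153-FFE9-E6FB8E622991} - C:\WINDOWS\System32\eoo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {FA744E7E-F892-AD69-CB3A-FBBADA4717C1} - C:\WINDOWS\System32\rss.dll (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

# "R0 - ...", "O2 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# First drive-letter path ending in a binary extension; stops before any
# trailing quote or command-line argument.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|com|sys)\b", re.IGNORECASE)
MISSING = "(file missing)"

FILE_IS_RUNNING = "file-is-running"   # flagged missing, yet listed as a live process
LIKELY_ORPHAN = "likely-orphan"       # flagged missing, nothing contradicts it


def parse_log(log):
    """Split a HijackThis log into (running process paths, [(code, body)])."""
    running, entries = set(), []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # first R/O entry ends the process list
            entries.append((match.group("code"), match.group("body")))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            running.add(line.lower())     # Windows paths are case-insensitive
    return running, entries


def triage(log):
    """Classify every '(file missing)' entry of the log."""
    running, entries = parse_log(log)
    findings = []
    for code, body in entries:
        if MISSING not in body:
            continue
        match = PATH_RE.search(body)
        path = match.group(0) if match else None
        if path and path.lower() in running:
            verdict = FILE_IS_RUNNING
        else:
            verdict = LIKELY_ORPHAN
        findings.append({
            "code": code,
            "path": path,
            "verdict": verdict,
            "unnamed": "(no name)" in body,   # BHO with no registered name
        })
    return findings


if __name__ == "__main__":
    for finding in triage(LOG):
        print(f'{finding["code"]:<4}{finding["verdict"]:<17}{finding["path"]}')
```

On this excerpt the two unnamed BHOs come out as likely orphans, while the two avast! services are marked as running, so only the BHO entries are leftovers worth removing.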
Good evening,
Step 1:
Download eScan Antivirus Toolkit here:
http://www.spywareinfo.dk/download/mwav.exe
Save it to your Desktop.
Before running the program, you need to update it as described in Step 2.
Step 2:
Here is how to update the tool:
1.) Double-click the mwav.exe file on the Desktop; unzip the files into the suggested new folder (C:\Kaspersky). The program will start, and you must quit it (click "Exit" then "Exit").
2.) Double-click My Computer, then double-click the main drive (usually C:\), double-click the Kaspersky folder; then double-click the kavupd.exe file. You will now see a DOS window appear, and the update will complete in a few minutes.
3.) When the update is complete, you will see "Press any key to continue"; press a key to continue. Two new directories (folders) were created during the update (C:\Bases and C:\Downloads).
4.) Select/copy all the files in the C:\Downloads folder, then paste them into the C:\Kaspersky folder. When prompted, agree to replace the existing files.
Do not start the scan yet!
Step 3:
Restart in Safe Mode:
1) Restart your computer
2) Tap the F8 key immediately, right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option, Safe Mode, and confirm with "Enter"
5) Choose your regular account, not Administrator
Step 4:
From Safe Mode, here is how to use the program:
1.) To launch "eScan Antivirus Toolkit", find the mwavscan.com file located in the C:\Kaspersky folder.
2.) Double-click mwavscan.com; the eScan interface will appear on screen.
3.) It is very important to tick these boxes under Scan Option: Memory, Registry, Startup Folders, System Folders, Services.
4.) Tick the Drive box, which gives access to a new Drive box (round button) just below it; select this "Drive" button (very important..), and you will see a new browse box appear on the right. Click the small arrow in this box and choose the letter of your hard drive, usually C:\.
5.) Just below, make sure Scan All Files is selected, not Program Files.
6.) Click Scan Clean and let the tool check the entire hard drive (this can take a long time..). When it is done, you will see Scan Completed. Do not quit yet!
7.) Open a new Notepad file (click "Start" >> "Programs" >> "Accessories" >> "Notepad"), then copy/paste the entire contents of the Virus Log Information window (the second one, at the bottom) into the text file, and save it. eScan also generates a full report in the C:\Kaspersky folder (named mwav.log), but it is too large to post on the forum.
Close the program. Restart your PC in Normal mode. Post (copy/paste) the report you saved in your next reply.
Later
Here is the report.
I had trouble because my computer crashed 2 times during the process.
The first time, nearly 2200 viruses were detected!!
The report below was made on the third restart.
File C:\WINDOWS\System32\unsvchosts.exe tagged as not-a-virus:RiskTool.Win32.Starter.a. No Action Taken.
File C:\ao7s6w9y3.exe tagged as not-a-virus:Dialer.Win32.Agent.b. No Action Taken.
File C:\clean\pskill.exe tagged as not-a-virus:RiskTool.Win32.PsKill.k. No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FVD5HWLW\fr[1].exe tagged as not-a-virus:Dialer.Win32.Agent.b. No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZXH8XWG3\makedr[1].exe tagged as not-a-virus:Dialer.Win32.Agent.b. No Action Taken.
File C:\Documents and Settings\Valérie\Bureau\clean\pskill.exe tagged as not-a-virus:RiskTool.Win32.PsKill.k. No Action Taken.
File C:\Documents and Settings\Valérie\Bureau\OiUninstaller.exe tagged as not-a-virus:AdWare.Win32.PurityScan.fk. No Action Taken.
File C:\o7w6p1j3p1t4.exe tagged as not-a-virus:Dialer.Win32.Agent.b. No Action Taken.
File C:\Program Files\backups\backup-20070211-212256-904.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\Program Files\Fichiers communs\tjd\del.exe tagged as not-a-virus:Dialer.Win32.Agent.b. No Action Taken.
File C:\Program Files\Fichiers communs\Uninstall Information\RemoveWebDP.exe tagged as not-a-virus:AdWare.Win32.DelphinMediaViewer.f. No Action Taken.
File C:\Program Files\Fichiers communs\{3C99B515-0577-1036-0105-041113020021}\Bar888.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\Program Files\Fichiers communs\{4C99B515-0577-1036-0105-041113020021}\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\Program Files\Fichiers communs\{4C99B515-0578-1036-0105-041113020021}\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\RECYCLER\S-1-5-18\Dc1\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\RECYCLER\S-1-5-18\Dc10\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\RECYCLER\S-1-5-18\Dc11\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\RECYCLER\S-1-5-18\Dc2\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\RECYCLER\S-1-5-18\Dc3\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\RECYCLER\S-1-5-18\Dc4\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\RECYCLER\S-1-5-18\Dc5\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\RECYCLER\S-1-5-18\Dc6\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\RECYCLER\S-1-5-18\Dc7\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\RECYCLER\S-1-5-18\Dc8\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\RECYCLER\S-1-5-18\Dc9\system.dll tagged as not-a-virus:AdWare.Win32.Softomate.ac. No Action Taken.
File C:\VundoFix Backups\cbxyw.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.fp. No Action Taken.
File C:\VundoFix Backups\ldcoovix.exe.bad tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\VundoFix Backups\lqdrnihe.dll.bad tagged as not-a-virus:AdWare.Win32.Virtumonde.ft. No Action Taken.
File C:\VundoFix Backups\wratfrlx.exe.bad tagged as not-a-virus:AdWare.Win32.Agent.at. No Action Taken.
File C:\WINDOWS\ServicePackFiles\i386\bkssenst.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\ServicePackFiles\i386\brnkzltb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\ServicePackFiles\i386\ctjbrrsw.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\ServicePackFiles\i386\rcvrjrrh.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\ServicePackFiles\i386\tqbknlnb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\ServicePackFiles\i386\tsweb1.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\ServicePackFiles\i386\tznzcrkl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\ServicePackFiles\i386\zejkxcwb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\ServicePackFiles\i386\znbbsjsk.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\Adobe\SVG Viewer\brblvhlb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\60M47J7H\116[1].net tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\60M47J7H\131[1].net tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I1TU4WOP\130[1].net tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LKSVA2B3\116[1].net tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LKSVA2B3\appsetup[1].exe tagged as not-a-virus:AdWare.Win32.DelphinMediaViewer.c. No Action Taken.
File C:\WINDOWS\system32\oobe\actsetup\blvccbsx.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\brvecwcs.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\btesnnel.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\btqkxenz.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\cwbbnetr.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\hlrrerkq.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\knkskthw.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\lrlzztll.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\nzzwhebn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\rkjenssc.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\rrthsntk.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\tchekrqt.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\vrrkkhbn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\actsetup\zvswnlev.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\error\ektltnch.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\error\erettxjr.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\error\jkhehnjn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\error\kbwnhlkk.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\error\lktkttrb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\error\neehnzxl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\error\sswzlttc.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\error\xenjnbqe.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\dslmain\nevttblh.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\dslmain\qxztllwj.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\dslmain\slhcezwb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\iconnect\jsnsljzh.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\iconnect\shrtrsbs.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\isptype\lnvlnzbq.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\bccxejnc.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\bzrbbsrn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\cjxsjlbr.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\hcvxrtwz.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\jjlhknhh.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\jlkshlvl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\khkvhhsb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\klkhkrts.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\lbzcxver.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\nrlcnzsh.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\qetvqlnw.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\mouse\rbnrnnxt.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\sconnect\jkhjlhbb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\html\sconnect\vznnebet.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\icserror\vcejlxkt.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\isperror\hkenntsl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\isperror\jjtrkbnj.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\isperror\knkbrnbn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\isperror\ktkbeknl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\isperror\rkeetqew.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\isperror\skqbvxsq.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\isperror\tsjhshcj.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\isperror\ztceskls.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\krcxzncj.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\qjeejeej.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\regerror\cetrjwtt.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\regerror\ehxzeshx.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\regerror\etnwxxnv.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\regerror\kjtzrlbb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\regerror\rcwnttzv.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\regerror\wlkbbnrq.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\regerror\wtkkxrlr.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\regerror\xcjnkske.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\bknkjheh.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\bvqncler.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\crjrhltv.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\enbsjwre.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\esjhxblq.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\eskcxkhr.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\hlqstwxz.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\hnhkkene.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\hwncrnhh.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\hxckwnzl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\hxxttskn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\jejrhnvh.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\jtxsbxwn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\kjqkxtnz.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\kksksesr.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\knkhrczb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\lhkhbjzl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\lkjtrhks.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\nkhlvlzt.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\nleevxqj.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\nstnnnkk.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\ntwbjnxv.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\nvbbshss.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\nwqjkkhn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\rresnsct.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\rserkten.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\sejkhevn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\seqtjbee.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\shbqjhcl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\tnqsbljb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\tqkbrhnx.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\tthzxntk.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\vjbssbhj.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\vkckxhbn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\wnklretl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\wrbbnjss.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\wtenslnj.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\zeblsxxw.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\zhhrrltb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\zhzsnhje.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\tttnwshl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\unsvchosts.exe tagged as not-a-virus:RiskTool.Win32.Starter.a. No Action Taken.
File C:\WINDOWS\temp\b116.exe tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\temp\b130.exe tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\temp\b131.exe tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\temp\nsmD.tmp\Telecharger.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\Web\tip.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\Web\wcxnjhhj.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\x3a9o7s6w9y3.exe tagged as not-a-virus:Dialer.Win32.Agent.b. No Action Taken.
File C:\_alire.html infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\system32\oobe\setup\sejkhevn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\seqtjbee.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\shbqjhcl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\tnqsbljb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\tqkbrhnx.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\tthzxntk.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\vjbssbhj.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\vkckxhbn.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\wnklretl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\wrbbnjss.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\wtenslnj.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\zeblsxxw.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\zhhrrltb.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\setup\zhzsnhje.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\oobe\tttnwshl.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\unsvchosts.exe tagged as not-a-virus:RiskTool.Win32.Starter.a. No Action Taken.
File C:\WINDOWS\temp\b116.exe tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\temp\b130.exe tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\temp\b131.exe tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\temp\nsmD.tmp\Telecharger.dll tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\WINDOWS\Web\tip.htm infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.
File C:\WINDOWS\Web\wcxnjhhj.exe infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Deleted.
File C:\x3a9o7s6w9y3.exe tagged as not-a-virus:Dialer.Win32.Agent.b. No Action Taken.
File C:\_alire.html infected by "Net-Worm.Win32.Allaple.a" Virus. Action Taken: File Disinfected.
Good evening valy,
eScan has done some more cleaning!
Run an online scan here:
http://www.bitdefender.fr/scan8/ie.html
Then post the report!
See you
Hello,
I can't start the online scan.
When I click the "I agree" button, I get a message:
This website is not authorized to host this ActiveX control.
Please contact the webmaster of this website, or report to BitDefender at the e-mail adress...
Clicking the "Clic here to scan" button does nothing at all.
I am in safe mode with networking.
Same thing earlier, in normal mode.
?????
Valy67
Good evening,
Download the trial version from this link:
https://www.kaspersky.fr/downloads?chapter=186498689
A complete tutorial is available here (thanks Malekal_morte):
https://www.malekal.com/tutorial-kaspersky-trial/
Print these instructions, or paste them into a text file.
The main points of the tutorial:
After installation, during configuration via the wizard:
- Disable Avast! antivirus completely, otherwise it will conflict with Kaspersky.
- Activate the 30-day evaluation license
- Run an automatic update
- Enable basic protection
**Do not start the scan right away**
Restart in Safe Mode
- Start Kaspersky from Start Menu >> All Programs >> Kaspersky Anti-virus
- An icon with a greyed-out K will appear at the bottom right, next to the clock
- Right-click this icon, then choose "Analyser le Poste de travail" (scan My Computer)
- The computer scan will start
- Once the scan has finished, delete all the malware detected
- Create a report using the "Enregistrer-sous" (Save as) button at the bottom of the window, and save the file as Kaspersky.txt on your Desktop.
---------------------------------------------------------
Post (copy/paste) the Kaspersky report, if possible
See you
Here is the Kaspersky scan report,
run in safe mode with networking.
Thanks for your help
valy67
Analyse du Poste de travail
---------------------------
Analysés : 164543
Infectés : 65
Non traités : 0
Lancement : 18/02/2007 23:13:25
Durée : 01:00:16
Fin : 19/02/2007 00:13:41
Infectés
--------
Etat Objet
---- -----
supprimé : cheval de Troie Backdoor.Win32.Wisdoor.v Le fichier: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UVQU4WCV\asd[1].exe.mwt//PE_Patch//NTKrnl
supprimé : adware not-a-virus:AdWare.Win32.PurityScan.fk Le fichier: C:\Documents and Settings\Valérie\Bureau\OiUninstaller.exe//data0002//UPX
supprimé : adware not-a-virus:AdWare.Win32.PurityScan.bu Le fichier: C:\Documents and Settings\Valérie\Bureau\OiUninstaller.exe//data0003
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\Program Files\backups\backup-20070211-212256-904.dll
supprimé : adware not-a-virus:AdWare.Win32.DelphinMediaViewer.f Le fichier: C:\Program Files\Fichiers communs\Uninstall Information\RemoveWebDP.exe
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\Program Files\Fichiers communs\{3C99B515-0577-1036-0105-041113020021}\Bar888.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\Program Files\Fichiers communs\{4C99B515-0577-1036-0105-041113020021}\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\Program Files\Fichiers communs\{4C99B515-0578-1036-0105-041113020021}\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\RECYCLER\S-1-5-18\Dc1\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\RECYCLER\S-1-5-18\Dc10\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\RECYCLER\S-1-5-18\Dc11\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\RECYCLER\S-1-5-18\Dc2\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\RECYCLER\S-1-5-18\Dc3\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\RECYCLER\S-1-5-18\Dc4\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\RECYCLER\S-1-5-18\Dc5\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\RECYCLER\S-1-5-18\Dc6\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\RECYCLER\S-1-5-18\Dc7\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\RECYCLER\S-1-5-18\Dc8\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.ac Le fichier: C:\RECYCLER\S-1-5-18\Dc9\system.dll
supprimé : adware not-a-virus:AdWare.Win32.Virtumonde.fp Le fichier: C:\VundoFix Backups\cbxyw.dll.bad
supprimé : adware not-a-virus:AdWare.Win32.Agent.at Le fichier: C:\VundoFix Backups\ldcoovix.exe.bad
supprimé : adware not-a-virus:AdWare.Win32.Virtumonde.ft Le fichier: C:\VundoFix Backups\lqdrnihe.dll.bad
supprimé : adware not-a-virus:AdWare.Win32.Agent.at Le fichier: C:\VundoFix Backups\wratfrlx.exe.bad
supprimé : cheval de Troie Backdoor.Win32.Wisdoor.v Le fichier: C:\WINDOWS\mana.exe.mwt//PE_Patch//NTKrnl
supprimé : cheval de Troie Backdoor.Win32.SdBot.bdh Le fichier: C:\WINDOWS\system32\anp.exe.mwt
supprimé : cheval de Troie Backdoor.Win32.SdBot.bdh Le fichier: C:\WINDOWS\system32\asa.exe.mwt
supprimé : cheval de Troie Backdoor.Win32.IRCBot.xv Le fichier: C:\WINDOWS\system32\bcmdxgsg.exe.mwt
supprimé : cheval de Troie Backdoor.Win32.SdBot.aad Le fichier: C:\WINDOWS\system32\cfj.exe.mwt//PE_Patch//NTKrnl
supprimé : cheval de Troie Backdoor.Win32.SdBot.aad Le fichier: C:\WINDOWS\system32\eyw.exe.mwt//PE_Patch//NTKrnl
supprimé : cheval de Troie Backdoor.Win32.SdBot.aad Le fichier: C:\WINDOWS\system32\fcb.exe.mwt//PE_Patch//NTKrnl
supprimé : cheval de Troie Backdoor.Win32.SdBot.aad Le fichier: C:\WINDOWS\system32\fpy.exe.mwt//PE_Patch//NTKrnl
supprimé : cheval de Troie Backdoor.Win32.SdBot.bdh Le fichier: C:\WINDOWS\system32\hll.exe.mwt
supprimé : cheval de Troie Backdoor.Win32.SdBot.bdh Le fichier: C:\WINDOWS\system32\ibe.exe.mwt
supprimé : cheval de Troie Backdoor.Win32.Rbot.bwk Le fichier: C:\WINDOWS\system32\kjxda.exe.mwt
supprimé : cheval de Troie Backdoor.Win32.IRCBot.xv Le fichier: C:\WINDOWS\system32\lsilupi.exe.mwt
supprimé : cheval de Troie Backdoor.Win32.SdBot.bdh Le fichier: C:\WINDOWS\system32\mgz.exe.mwt
supprimé : cheval de Troie Backdoor.Win32.Rbot.gen Le fichier: C:\WINDOWS\system32\mslar.exe.mwt//Enigma
supprimé : cheval de Troie Backdoor.Win32.Rbot.gen Le fichier: C:\WINDOWS\system32\ncgzkw.exe.mwt//Enigma
supprimé : cheval de Troie Backdoor.Win32.SdBot.aad Le fichier: C:\WINDOWS\system32\now.exe.mwt//PE_Patch//NTKrnl
supprimé : cheval de Troie Backdoor.Win32.Rbot.gen Le fichier: C:\WINDOWS\system32\nwfvs.exe.mwt//Enigma
supprimé : cheval de Troie Backdoor.Win32.IRCBot.ye Le fichier: C:\WINDOWS\system32\oyhvuq.exe.mwt//Expressor//RLPack
supprimé : cheval de Troie Backdoor.Win32.SdBot.aad Le fichier: C:\WINDOWS\system32\pni.exe.mwt//PE_Patch//NTKrnl
supprimé : cheval de Troie Backdoor.Win32.SdBot.bdh Le fichier: C:\WINDOWS\system32\qwy.exe.mwt
supprimé : cheval de Troie Backdoor.Win32.SdBot.aad Le fichier: C:\WINDOWS\system32\usv.exe.mwt//PE_Patch//NTKrnl
supprimé : cheval de Troie Backdoor.Win32.SdBot.bdh Le fichier: C:\WINDOWS\system32\uuh.exe.mwt
supprimé : cheval de Troie Backdoor.Win32.SdBot.aad Le fichier: C:\WINDOWS\system32\uym.exe.mwt//PE_Patch//NTKrnl
supprimé : cheval de Troie Backdoor.Win32.SdBot.aad Le fichier: C:\WINDOWS\system32\uyn.exe.mwt//PE_Patch//NTKrnl
supprimé : cheval de Troie Backdoor.Win32.SdBot.aad Le fichier: C:\WINDOWS\system32\vsx.exe.mwt//PE_Patch//NTKrnl
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\60M47J7H\116[1].net//stream//data0004
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\60M47J7H\131[1].net//stream//data0002
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\60M47J7H\131[1].net//stream//data0004
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I1TU4WOP\130[1].net//stream//data0002
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I1TU4WOP\130[1].net//stream//data0004
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LKSVA2B3\116[1].net//stream//data0004
supprimé : adware not-a-virus:AdWare.Win32.DelphinMediaViewer.c Le fichier: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LKSVA2B3\appsetup[1].exe
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\temp\b116.exe//stream//data0004
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\temp\b130.exe//stream//data0002
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\temp\b130.exe//stream//data0004
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\temp\b131.exe//stream//data0002
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\temp\b131.exe//stream//data0004
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\temp\nsmD.tmp\Telecharger.dll
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\LKSVA2B3\116[1].net
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\temp\b116.exe
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\temp\b130.exe
supprimé : adware not-a-virus:AdWare.Win32.Softomate.u Le fichier: C:\WINDOWS\temp\b131.exe
Evènements
----------
Heure Nom Etat Cause
----- --- ---- -----
Statistiques
------------
Objet Analysés Objets dangereux Non traités Supprimés Placés en quarantaine Archives Fichiers compactés Protégés par un mot de passe Corrompus
----- -------- ---------------- ------------ --------- --------------------- -------- ------------------ ---------------------------- ---------
Paramètres
----------
Paramètre Valeur
--------- ------
Niveau de protection Recommandé
Action Confirmer à la fin de l'analyse
Mode de lancement Manuel
Types de fichiers Analyser tous les fichiers
Analyse uniquement des nouveaux fichiers et des fichiers modifiés Non
Analyse des archives l'ensemble des
Analyse des objets OLE joints l'ensemble des
Ne pas analyser l'objet s'il fait plus de Non
Ne pas analyser si l'analyse dure plus de Non
Analyse des fichiers au format de messagerie Non
Analyse des archives protégées par un mot de passe Non
Activer la technologie iChecker Oui
Activer la technologie iSwift Oui
Afficher les objets dangereux découverts sur l'onglet "Infectés" Oui
Hello valy,
Download the "Silent Runners" script:
right-click > "enregistrer sous" (save as), not left-click, on the following link:
https://www.silentrunners.org/Silent%20Runners.vbs
Then click "yes" twice.
Give it time to run its analysis (allow one minute, by the clock).
Post the generated report, which is in the same folder as Silent Runners...
If your antivirus raises an alarm, allow this script. Or, at worst, disable it just for the duration of the download and the scan. This script is not dangerous.
See you
"Silent Runners.vbs", revision R50, https://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Disc Detector" = "C:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]
"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "Page de propriétés sans fil"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés de la roulette"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés des activités"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés des boutons"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistiques d’Anti-Virus Internet"
-> {HKLM...CLSID} = "Statistiques d’Anti-Virus Internet"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\System32\klogon.dll" ["Kaspersky Lab"]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Valérie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Valérie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Valérie" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 28
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistiques d’Anti-Virus Internet"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statistiques d’Anti-Virus Internet"
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 1 line
All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------
ASP.NET State Service, aspnet_state, "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [MS]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Carte de performance WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTSvcCDA.exe" ["Creative Technology Ltd"]
Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]
InstallDriver Table Manager, IDriverT, "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" ["Macrovision Corporation"]
Kaspersky Anti-Virus 6.0, AVP, "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r" ["Kaspersky Lab"]
Portable Media Serial Number Service, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\MsPMSNSv.dll" [MS]}
Service d'administration du Gestionnaire de disque logique, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\System32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor S300\Driver = "CNMLM38.DLL" ["CANON INC."]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 258 seconds, including 2 seconds for message boxes)
Hello,
I am reposting the previous report. This one was made in normal mode, whereas the previous one was made in safe mode. I don't know whether there is a difference.
In any case, startup in normal mode is slow, and OUTLOOK takes forever to open (compared with safe mode).
Also, I recently created a profile, and I can't open it.
Thanks for your help.
"Silent Runners.vbs", revision R50, https://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Disc Detector" = "C:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]
"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "Page de propriétés sans fil"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés de la roulette"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés des activités"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés des boutons"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistiques d’Anti-Virus Internet"
-> {HKLM...CLSID} = "Statistiques d’Anti-Virus Internet"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\System32\klogon.dll" ["Kaspersky Lab"]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Valérie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Valérie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Valérie" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 28
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistiques d’Anti-Virus Internet"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statistiques d’Anti-Virus Internet"
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 1 line
All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------
ASP.NET State Service, aspnet_state, "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [MS]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Carte de performance WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTSvcCDA.exe" ["Creative Technology Ltd"]
Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]
InstallDriver Table Manager, IDriverT, "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" ["Macrovision Corporation"]
Kaspersky Anti-Virus 6.0, AVP, "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r" ["Kaspersky Lab"]
Portable Media Serial Number Service, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\MsPMSNSv.dll" [MS]}
Service d'administration du Gestionnaire de disque logique, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\System32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor S300\Driver = "CNMLM38.DLL" ["CANON INC."]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 258 seconds, including 2 seconds for message boxes)
I am reposting the previous report. This one was made in normal mode, whereas the previous one was made in safe mode. I don't know whether there is a difference.
In any case, startup in normal mode is slow and OUTLOOK takes forever to open (compared with safe mode).
Also, I recently created a profile, and I can't open it.
Thanks for your help.
"Silent Runners.vbs", revision R50, https://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Spyware Doctor" = ""C:\Program Files\Spyware Doctor\swdoctor.exe" /Q" ["PC Tools Research Pty Ltd"]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1" ["Adobe Systems Incorporated"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Disc Detector" = "C:\Program Files\Creative\ShareDLL\CtNotify.exe" ["Creative Technology Ltd."]
"type32" = ""C:\Program Files\Microsoft IntelliType Pro\type32.exe"" [MS]
"IntelliPoint" = ""C:\Program Files\Microsoft IntelliPoint\point32.exe"" [MS]
"TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
\StubPath = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "Page de propriétés sans fil"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés de la roulette"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés des activités"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés des boutons"
\InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistiques d’Anti-Virus Internet"
-> {HKLM...CLSID} = "Statistiques d’Anti-Virus Internet"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> klogon\DLLName = "C:\WINDOWS\System32\klogon.dll" ["Kaspersky Lab"]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Valérie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Valérie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Startup items in "Valérie" & "All Users" startup folders:
---------------------------------------------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 28
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar4.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistiques d’Anti-Virus Internet"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statistiques d’Anti-Virus Internet"
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\
"ButtonText" = "Spyware Doctor"
"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"
Missing lines (compared with English-language version):
[Strings]: 1 line
All Non-Disabled Services (Display Name, Service Name, Path {Service DLL}):
---------------------------------------------------------------------------
ASP.NET State Service, aspnet_state, "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe" [MS]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
Carte de performance WMI, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTSvcCDA.exe" ["Creative Technology Ltd"]
Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]
InstallDriver Table Manager, IDriverT, "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" ["Macrovision Corporation"]
Kaspersky Anti-Virus 6.0, AVP, "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r" ["Kaspersky Lab"]
Portable Media Serial Number Service, WmdmPmSN, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\MsPMSNSv.dll" [MS]}
Service d'administration du Gestionnaire de disque logique, dmadmin, "C:\WINDOWS\System32\dmadmin.exe /com" ["Microsoft Corp., Veritas Software"]
Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\System32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]}
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor S300\Driver = "CNMLM38.DLL" ["CANON INC."]
----------
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 258 seconds, including 2 seconds for message boxes)