Toohs.com
inthemix
-
inthemix Messages postés 5 Statut Membre -
inthemix Messages postés 5 Statut Membre -
Bonjour salut à tous!
J'ai un sale problème que apparemment personne n'a jamais eu...
il s'agit du suivant:
Lorsque je lance Internet Explorer 7.0, des fenêtres pop-up s'ouvre (genre celldorado, pcinspector, etc...) normalement j'arrive à les bloquer... cependant la impossible... ELLE REVEINNENT TOUT LE TEMPS.
J'ai lancé CCLEANER histoire de voir ce qu'il me trouve... et effectivement il me trouve plein de cookies ou autres fichiers temporaires à supprimer, mais il y a un cookie qui apparaît tout le temps.... TOOHS.com!
CCLEANER le supprimer, mais il revient à chaque fois que je lance internet... et impossible de bloquer ce site... je n'arrive à rien.
Est-ce que quelqu'un a une idée de comment je pourrai faire pour supprimer ce truc?
Mon systeme d'exploitation est Windows XP professionnel service pack 2.
Je vous joint mon IJACK pour vous éclairer....
MERCI D AVANCE!!!
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:43:02, on 26.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\GR3\Local Settings\Temporary Internet Files\Content.IE5\JZYYT3N8\HiJackThis_v2[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gland.ch/accueil
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp26C.tmp.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-992592841-748086208-2433322846-500\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 (User 'Administrateur')
O4 - HKUS\S-1-5-21-992592841-748086208-2433322846-500\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Administrateur')
O4 - HKUS\S-1-5-21-992592841-748086208-2433322846-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrateur')
O4 - Startup: Citizen5.lnk = Bat\is8.bat
O4 - Startup: Démarrer Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: maps.bat
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\Software\..\Telephony: DomainName = gland.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gland.local
O20 - Winlogon Notify: appmon - C:\WINDOWS\SYSTEM32\appmon.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
J'ai un sale problème que apparemment personne n'a jamais eu...
il s'agit du suivant:
Lorsque je lance Internet Explorer 7.0, des fenêtres pop-up s'ouvre (genre celldorado, pcinspector, etc...) normalement j'arrive à les bloquer... cependant la impossible... ELLE REVEINNENT TOUT LE TEMPS.
J'ai lancé CCLEANER histoire de voir ce qu'il me trouve... et effectivement il me trouve plein de cookies ou autres fichiers temporaires à supprimer, mais il y a un cookie qui apparaît tout le temps.... TOOHS.com!
CCLEANER le supprimer, mais il revient à chaque fois que je lance internet... et impossible de bloquer ce site... je n'arrive à rien.
Est-ce que quelqu'un a une idée de comment je pourrai faire pour supprimer ce truc?
Mon systeme d'exploitation est Windows XP professionnel service pack 2.
Je vous joint mon IJACK pour vous éclairer....
MERCI D AVANCE!!!
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:43:02, on 26.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\GR3\Local Settings\Temporary Internet Files\Content.IE5\JZYYT3N8\HiJackThis_v2[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gland.ch/accueil
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp26C.tmp.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-992592841-748086208-2433322846-500\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 (User 'Administrateur')
O4 - HKUS\S-1-5-21-992592841-748086208-2433322846-500\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (User 'Administrateur')
O4 - HKUS\S-1-5-21-992592841-748086208-2433322846-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrateur')
O4 - Startup: Citizen5.lnk = Bat\is8.bat
O4 - Startup: Démarrer Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: maps.bat
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\Software\..\Telephony: DomainName = gland.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gland.local
O20 - Winlogon Notify: appmon - C:\WINDOWS\SYSTEM32\appmon.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
8 réponses
C'est quoi ce bordel ..
Bonjour !
As-tu touché avec hijackthis, c'est à dire supprimer des lignes par exemple ?
Qu'as-tu comme pare-feu, anti-spywares ?
Bonjour !
As-tu touché avec hijackthis, c'est à dire supprimer des lignes par exemple ?
Qu'as-tu comme pare-feu, anti-spywares ?
Salut!
Comme par-feu, j'ai bitdefender total security, anti-spyware j'ai avg, ad-aware, spyboot, vundo.
Il se peut que a personne qui utilisait ce poste avant moi aye touché à hijack... mais je n'en suis pas sûr...
Tu as une idée de comment je peux débordeliser tout ca?
Comme par-feu, j'ai bitdefender total security, anti-spyware j'ai avg, ad-aware, spyboot, vundo.
Il se peut que a personne qui utilisait ce poste avant moi aye touché à hijack... mais je n'en suis pas sûr...
Tu as une idée de comment je peux débordeliser tout ca?
Ok.
Retélécharge la dernière version d'Hijackthis ci-dessous puis fais ce qui est indiqué.
Télécharge HijackThis :
---> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe
Installe le dans son propre dossier :
- clic droit sur le bureau, tu choisis "nouveau dossier" puis installe-le à l'intérieur.
Fais un clic droit sur Hijackthis, choisis "renommer" puis marque ceci : abcde.exe
Double-clic sur HijackThis. Clic sur "I Accept" puis clic sur "do a system scan and save logfile"
Puis copie et colle ici le rapport qu'il va te générer.
Démo pour HijackThis si besoin :
http://pageperso.aol.fr/balltrap34/demohijack.htm
ET
Télécharge lopxp :
---> http://www.mediafire.com/?7ynjs3b3y9k
dézippe-le sur ton bureau puis double-clic sur le fichier "lopxpMH.bat"
quand il a terminé, un rapport s'ouvre : fait un copier-coller du rapport puis mets le ici
Retélécharge la dernière version d'Hijackthis ci-dessous puis fais ce qui est indiqué.
Télécharge HijackThis :
---> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.exe
Installe le dans son propre dossier :
- clic droit sur le bureau, tu choisis "nouveau dossier" puis installe-le à l'intérieur.
Fais un clic droit sur Hijackthis, choisis "renommer" puis marque ceci : abcde.exe
Double-clic sur HijackThis. Clic sur "I Accept" puis clic sur "do a system scan and save logfile"
Puis copie et colle ici le rapport qu'il va te générer.
Démo pour HijackThis si besoin :
http://pageperso.aol.fr/balltrap34/demohijack.htm
ET
Télécharge lopxp :
---> http://www.mediafire.com/?7ynjs3b3y9k
dézippe-le sur ton bureau puis double-clic sur le fichier "lopxpMH.bat"
quand il a terminé, un rapport s'ouvre : fait un copier-coller du rapport puis mets le ici
Merci pour l'aide!
Voici le rapport Hijack: Pour le rapport lopxp, impossible de télécharger le fichier.. ca m envoye sur une page web introuvable au bout d un moment.... j ai essayé de le télécharger via des sites de google, la ca m envoye directement sur des liens plus valables...
Tu ne connais pas un autre endroit pour télécharger lopxp?
J essaye encore de mon côté...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:59:52, on 27.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\GR3\Bureau\Nouveau dossier\abcde.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gland.ch/accueil
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp3E.tmp.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Citizen5.lnk = Bat\is8.bat
O4 - Startup: Démarrer Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: maps.bat
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\Software\..\Telephony: DomainName = gland.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gland.local
O20 - Winlogon Notify: appmon - C:\WINDOWS\SYSTEM32\appmon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Voici le rapport Hijack: Pour le rapport lopxp, impossible de télécharger le fichier.. ca m envoye sur une page web introuvable au bout d un moment.... j ai essayé de le télécharger via des sites de google, la ca m envoye directement sur des liens plus valables...
Tu ne connais pas un autre endroit pour télécharger lopxp?
J essaye encore de mon côté...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:59:52, on 27.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\GR3\Bureau\Nouveau dossier\abcde.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gland.ch/accueil
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\tmp3E.tmp.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Citizen5.lnk = Bat\is8.bat
O4 - Startup: Démarrer Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: maps.bat
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\Software\..\Telephony: DomainName = gland.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gland.local
O20 - Winlogon Notify: appmon - C:\WINDOWS\SYSTEM32\appmon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Laisse tomber Lopxp pour le moment.
¤ Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec (redemarrage + tapotte sans arret sur F8 des que l'ordi s'allume)
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
¤ Passe un coup de Vundofix et colle le rapport ici stp
¤ Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec (redemarrage + tapotte sans arret sur F8 des que l'ordi s'allume)
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
¤ Passe un coup de Vundofix et colle le rapport ici stp
Alors voici le rapport:
SDFix: Version 1.107
Run by GR3 on 27.09.2007 at 11:24
Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\GR3\Bureau\Nouveau dossier\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\GR3\Application Data\tmp139.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp141.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp145.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp146.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp147.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp149.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp14B.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp164.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp16C.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp17.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp172.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1D.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1D1.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1EB.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1F.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1F1.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1F3.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1F4.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp20.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp20E.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp217.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp21B.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp22.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp227.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp24.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp26.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp266.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp26A.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp26C.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp28.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp28D.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp28F.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp29.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp291.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp2A.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp2C.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp2E7.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp2F.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp2FF.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp303.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp32.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp37.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp378.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp39.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp3B.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp3C.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp3E.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp44.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp45.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp46.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp4F.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp53.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp79.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp80.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp86.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp8E.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp9F.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmpA1.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmpA3.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmpCB.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmpD0.tmp.exe - Deleted
C:\WINDOWS\system32\tmp139.tmp.dll - Deleted
C:\WINDOWS\system32\tmp149.tmp.dll - Deleted
C:\WINDOWS\system32\tmp14B.tmp.dll - Deleted
C:\WINDOWS\system32\tmp172.tmp.dll - Deleted
C:\WINDOWS\system32\tmp1F4.tmp.dll - Deleted
C:\WINDOWS\system32\tmp21B.tmp.dll - Deleted
C:\WINDOWS\system32\tmp26C.tmp.dll - Deleted
C:\WINDOWS\system32\tmp291.tmp.dll - Deleted
C:\WINDOWS\system32\tmp2F.tmp.dll - Deleted
C:\WINDOWS\system32\tmp303.tmp.dll - Deleted
C:\WINDOWS\system32\tmp39.tmp.dll - Deleted
C:\WINDOWS\system32\tmp3B.tmp.dll - Deleted
C:\WINDOWS\system32\tmp3E.tmp.dll - Deleted
C:\WINDOWS\system32\tmpCB.tmp.dll - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Symantec AntiVirus\\VPC32.exe"="C:\\Program Files\\Symantec AntiVirus\\VPC32.exe:*:Enabled:Symantec AntiVirus"
"C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE:*:Enabled:LuComServer"
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"="C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe:*:Enabled:Rtvscan"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Atomic Mailbox Password Cracker\\EmailPassRecoveryWizard.exe"="C:\\Program Files\\Atomic Mailbox Password Cracker\\EmailPassRecoveryWizard.exe:*:Enabled:Mailbox password recovery software"
"C:\\Program Files\\Zattoo\\zattood.exe"="C:\\Program Files\\Zattoo\\zattood.exe:*:Enabled:zattood"
"C:\\Program Files\\Zattoo\\Zattoo.exe"="C:\\Program Files\\Zattoo\\Zattoo.exe:*:Enabled: "
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\administrateur.GLANDLOC\\Application Data\\U3\\0DD1B95120D248E5\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe"="C:\\Documents and Settings\\administrateur.GLANDLOC\\Application Data\\U3\\0DD1B95120D248E5\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\GR3\\Application Data\\tmpAB.tmp.exe"="C:\\Documents and Settings\\GR3\\Applica"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Documents and Settings\\GR3\\Application Data\\tmp59.tmp.exe"="C:\\Documents and Settings\\GR3\\Applica"
"C:\\Documents and Settings\\GR3\\Application Data\\tmp360.tmp.exe"="C:\\Documents and Settings\\GR3\\Applicat"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Zattoo\\zattood.exe"="C:\\Program Files\\Zattoo\\zattood.exe:*:Enabled:zattood"
"C:\\Program Files\\Zattoo\\Zattoo2.exe"="C:\\Program Files\\Zattoo\\Zattoo2.exe:*:Enabled: "
"C:\\Program Files\\Zattoo\\Zattoo.exe"="C:\\Program Files\\Zattoo\\Zattoo.exe:*:Enabled: "
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine"
"J:\\LimeWire\\LimeWire.exe"="J:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"J:\\LimeWire\\StarCraft.exe"="J:\\LimeWire\\StarCraft.exe:*:Enabled:Starcraft"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\GR3\Bureau\NOUVEA~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 19 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 17 Nov 2006 88 ..SHR --- "C:\WINDOWS\system32\09AAB1BD57.sys"
Fri 17 Nov 2006 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 28 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
SDFix: Version 1.107
Run by GR3 on 27.09.2007 at 11:24
Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\GR3\Bureau\Nouveau dossier\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\Documents and Settings\GR3\Application Data\tmp139.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp141.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp145.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp146.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp147.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp149.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp14B.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp164.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp16C.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp17.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp172.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1D.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1D1.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1EB.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1F.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1F1.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1F3.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp1F4.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp20.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp20E.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp217.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp21B.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp22.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp227.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp24.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp26.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp266.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp26A.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp26C.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp28.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp28D.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp28F.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp29.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp291.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp2A.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp2C.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp2E7.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp2F.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp2FF.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp303.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp32.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp37.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp378.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp39.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp3B.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp3C.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp3E.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp44.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp45.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp46.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp4F.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp53.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp79.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp80.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp86.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp8E.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmp9F.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmpA1.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmpA3.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmpCB.tmp.exe - Deleted
C:\Documents and Settings\GR3\Application Data\tmpD0.tmp.exe - Deleted
C:\WINDOWS\system32\tmp139.tmp.dll - Deleted
C:\WINDOWS\system32\tmp149.tmp.dll - Deleted
C:\WINDOWS\system32\tmp14B.tmp.dll - Deleted
C:\WINDOWS\system32\tmp172.tmp.dll - Deleted
C:\WINDOWS\system32\tmp1F4.tmp.dll - Deleted
C:\WINDOWS\system32\tmp21B.tmp.dll - Deleted
C:\WINDOWS\system32\tmp26C.tmp.dll - Deleted
C:\WINDOWS\system32\tmp291.tmp.dll - Deleted
C:\WINDOWS\system32\tmp2F.tmp.dll - Deleted
C:\WINDOWS\system32\tmp303.tmp.dll - Deleted
C:\WINDOWS\system32\tmp39.tmp.dll - Deleted
C:\WINDOWS\system32\tmp3B.tmp.dll - Deleted
C:\WINDOWS\system32\tmp3E.tmp.dll - Deleted
C:\WINDOWS\system32\tmpCB.tmp.dll - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Symantec AntiVirus\\VPC32.exe"="C:\\Program Files\\Symantec AntiVirus\\VPC32.exe:*:Enabled:Symantec AntiVirus"
"C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"="C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE:*:Enabled:LuComServer"
"C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe"="C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe:*:Enabled:Rtvscan"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Atomic Mailbox Password Cracker\\EmailPassRecoveryWizard.exe"="C:\\Program Files\\Atomic Mailbox Password Cracker\\EmailPassRecoveryWizard.exe:*:Enabled:Mailbox password recovery software"
"C:\\Program Files\\Zattoo\\zattood.exe"="C:\\Program Files\\Zattoo\\zattood.exe:*:Enabled:zattood"
"C:\\Program Files\\Zattoo\\Zattoo.exe"="C:\\Program Files\\Zattoo\\Zattoo.exe:*:Enabled: "
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Documents and Settings\\administrateur.GLANDLOC\\Application Data\\U3\\0DD1B95120D248E5\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe"="C:\\Documents and Settings\\administrateur.GLANDLOC\\Application Data\\U3\\0DD1B95120D248E5\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\GR3\\Application Data\\tmpAB.tmp.exe"="C:\\Documents and Settings\\GR3\\Applica"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Documents and Settings\\GR3\\Application Data\\tmp59.tmp.exe"="C:\\Documents and Settings\\GR3\\Applica"
"C:\\Documents and Settings\\GR3\\Application Data\\tmp360.tmp.exe"="C:\\Documents and Settings\\GR3\\Applicat"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Zattoo\\zattood.exe"="C:\\Program Files\\Zattoo\\zattood.exe:*:Enabled:zattood"
"C:\\Program Files\\Zattoo\\Zattoo2.exe"="C:\\Program Files\\Zattoo\\Zattoo2.exe:*:Enabled: "
"C:\\Program Files\\Zattoo\\Zattoo.exe"="C:\\Program Files\\Zattoo\\Zattoo.exe:*:Enabled: "
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine"
"J:\\LimeWire\\LimeWire.exe"="J:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"="C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe:*:Enabled:VideoAccelerator"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"J:\\LimeWire\\StarCraft.exe"="J:\\LimeWire\\StarCraft.exe:*:Enabled:Starcraft"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\GR3\Bureau\NOUVEA~1\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Thu 19 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri 17 Nov 2006 88 ..SHR --- "C:\WINDOWS\system32\09AAB1BD57.sys"
Fri 17 Nov 2006 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 28 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
Salut inthemix
Tu as oublié ceci comme demandé : « ¤ Passe un coup de Vundofix et colle le rapport ici stp »
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
< http://www.atribune.org/ccount/click.php?id=4 >
Double-clique VundoFix.exe afin de le lancer.
Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
Clique sur le bouton « Scan for Vundo ».
Lorsque le scan est complété, clique sur le bouton « Remove Vundo ».
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport
HijackThis! dans ta prochaine réponse.
Salut Amigo
Al.
EDIT : Pour ceci : C:\oracle\ora92\bin\omtsreco.exe
Il vaut mieux installer Oracle sur un autre disque que le système .
Dans la procédure suivante, on installe Oracle sur une partition D:\
Procédure ici https://fst-informatique.univ-lyon1.fr/
Tu as oublié ceci comme demandé : « ¤ Passe un coup de Vundofix et colle le rapport ici stp »
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
< http://www.atribune.org/ccount/click.php?id=4 >
Double-clique VundoFix.exe afin de le lancer.
Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
Clique sur le bouton « Scan for Vundo ».
Lorsque le scan est complété, clique sur le bouton « Remove Vundo ».
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport
HijackThis! dans ta prochaine réponse.
Salut Amigo
Al.
EDIT : Pour ceci : C:\oracle\ora92\bin\omtsreco.exe
Il vaut mieux installer Oracle sur un autre disque que le système .
Dans la procédure suivante, on installe Oracle sur une partition D:\
Procédure ici https://fst-informatique.univ-lyon1.fr/
Oups ouais désolé....
alors voici le rapport vudo:
VundoFix V6.5.8
Checking Java version...
Java version is 1.5.0.11
Scan started at 08:45:32 13.09.2007
Listing files found while scanning....
C:\WINDOWS\dcfihk.ini
C:\WINDOWS\khifcd.dll
C:\WINDOWS\system32\tmpA3.tmp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\dcfihk.ini
C:\WINDOWS\dcfihk.ini Has been deleted!
Attempting to delete C:\WINDOWS\khifcd.dll
C:\WINDOWS\khifcd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tmpA3.tmp.dll
C:\WINDOWS\system32\tmpA3.tmp.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.8
Checking Java version...
Java version is 1.5.0.11
Scan started at 11:17:24 13.09.2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.8
Checking Java version...
Java version is 1.5.0.11
Scan started at 09:00:41 26.09.2007
Listing files found while scanning....
C:\WINDOWS\system32\tmp29.tmp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tmp29.tmp.dll
C:\WINDOWS\system32\tmp29.tmp.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.8
Checking Java version...
Java version is 1.5.0.11
Scan started at 14:21:43 27.09.2007
Listing files found while scanning....
C:\WINDOWS\system32\tmp3E.tmp.dll
Beginning removal...
Performing Repairs to the registry.
Done!
ET VOICI LE RAPPORT HIJACK:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:46, on 27.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GR3\Bureau\Nouveau dossier\abcde.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gland.ch/accueil
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Citizen5.lnk = Bat\is8.bat
O4 - Startup: Démarrer Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: maps.bat
O15 - Trusted Zone: https://www.mediafire.com/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\Software\..\Telephony: DomainName = gland.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gland.local
O20 - Winlogon Notify: appmon - C:\WINDOWS\SYSTEM32\appmon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
alors voici le rapport vudo:
VundoFix V6.5.8
Checking Java version...
Java version is 1.5.0.11
Scan started at 08:45:32 13.09.2007
Listing files found while scanning....
C:\WINDOWS\dcfihk.ini
C:\WINDOWS\khifcd.dll
C:\WINDOWS\system32\tmpA3.tmp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\dcfihk.ini
C:\WINDOWS\dcfihk.ini Has been deleted!
Attempting to delete C:\WINDOWS\khifcd.dll
C:\WINDOWS\khifcd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tmpA3.tmp.dll
C:\WINDOWS\system32\tmpA3.tmp.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.8
Checking Java version...
Java version is 1.5.0.11
Scan started at 11:17:24 13.09.2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.5.8
Checking Java version...
Java version is 1.5.0.11
Scan started at 09:00:41 26.09.2007
Listing files found while scanning....
C:\WINDOWS\system32\tmp29.tmp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\tmp29.tmp.dll
C:\WINDOWS\system32\tmp29.tmp.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.8
Checking Java version...
Java version is 1.5.0.11
Scan started at 14:21:43 27.09.2007
Listing files found while scanning....
C:\WINDOWS\system32\tmp3E.tmp.dll
Beginning removal...
Performing Repairs to the registry.
Done!
ET VOICI LE RAPPORT HIJACK:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:46, on 27.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\GR3\Bureau\Nouveau dossier\abcde.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.gland.ch/accueil
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Citizen5.lnk = Bat\is8.bat
O4 - Startup: Démarrer Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: maps.bat
O15 - Trusted Zone: https://www.mediafire.com/
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\Software\..\Telephony: DomainName = gland.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gland.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gland.local
O20 - Winlogon Notify: appmon - C:\WINDOWS\SYSTEM32\appmon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
