Trojan-horse-like windows that keep opening
Solved
sonofliberty
Hello,
I have a big problem; here are the symptoms:
iexplore in Task Manager takes 80 MB!!
The PC heats up, the fan runs without major problems, it becomes slow
Windows open as soon as I launch IE (every time); an example of the window:
http://www.popundersupply.net/?VFJDSz0xMjc0
It made important work in Word crash due to lack of memory
The C++ debugger launches and there is a window saying the memory is over, something like that
I ran AVG Anti-Spyware (I saw someone write about it on a forum for the same unwanted window as mine), but it changed nothing, even though it says it found Trojan horses..
So I come to you as a last resort. I have seen your professionalism (even as volunteers), hats off, and I have seen that the solutions are very often highly personalized, so I come to you to find a solution to my problem. Just tell me what I need to do; I saw that you use HijackThis, just tell me what I should do
Thanks in advance
I can already give you the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:45, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [44e72ee4] rundll32.exe "C:\WINDOWS\system32\qbbsomkp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
127 replies
Did you notice that next to C:\WINDOWS\system32\hacxgrsq.dll there is a comma and "b"? Is that for bad?
Just saying, but I don't know anything about it
Update: my antivirus, NOD32, detected rqfgxneh.exe in Temp and says it is a threat, Win32/Agent.BCK Trojan horse
Bitdefender is still scanning ...
Should I quarantine it?
You can advise me which programs I should run that are not too resource-hungry, to avoid these problems (at the end)
BitDefender Online Scanner
Scan report generated at: Thu, Oct 25, 2007 - 18:06:57
Scan path: C:\;D:\;
Statistics
Time: 02:23:31
Files: 569396
Folders: 13775
Boot Sectors: 3
Archives: 13300
Packed Files: 43455
Results
Identified Viruses: 10
Infected Files: 20
Suspect Files: 2
Warnings: 0
Disinfected: 0
Deleted Files: 30
Engines Info
Virus Definitions: 858068
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\Tarik\Local Settings\Application Data\{167B9073-5929-4AAD-AE87-68A9BEB3D796}\Pando.msi=>(Embedded CAB)=>oovooinst.exe
Infected with: Trojan.Generic.25641
C:\Documents and Settings\Tarik\Local Settings\Application Data\{167B9073-5929-4AAD-AE87-68A9BEB3D796}\Pando.msi=>(Embedded CAB)=>oovooinst.exe
Disinfection failed
C:\Documents and Settings\Tarik\Local Settings\Application Data\{167B9073-5929-4AAD-AE87-68A9BEB3D796}\Pando.msi=>(Embedded CAB)=>oovooinst.exe
Deleted
C:\Documents and Settings\Tarik\Local Settings\Application Data\{167B9073-5929-4AAD-AE87-68A9BEB3D796}\Pando.msi=>(Embedded CAB)
Update failed
C:\Documents and Settings\Tarik\Mes documents\Mes Programmes\DVDR n°2\Crack vista\Vista_RTM_Cracker.exe=>(ZIP Sfx o)=>AutoPlay/Docs/Crack.exe
Infected with: Trojan.Pws.Zapchast.D
C:\Documents and Settings\Tarik\Mes documents\Mes Programmes\DVDR n°2\Crack vista\Vista_RTM_Cracker.exe=>(ZIP Sfx o)=>AutoPlay/Docs/Crack.exe
Disinfection failed
C:\Documents and Settings\Tarik\Mes documents\Mes Programmes\DVDR n°2\Crack vista\Vista_RTM_Cracker.exe=>(ZIP Sfx o)=>AutoPlay/Docs/Crack.exe
Deleted
C:\Documents and Settings\Tarik\Mes documents\Mes Programmes\DVDR n°2\Crack vista\Vista_RTM_Cracker.exe=>(ZIP Sfx o)
Updated
C:\Documents and Settings\Tarik\Mes documents\Mes Programmes\DVDR n°2\Crack vista\Vista_RTM_Cracker.exe
Update failed
C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Annexes\Carton GEPIM\bases à interger\exemple de bases 2\oui\menudragdrop\menudragdrop.mdb=>(Access Embedded)
Suspected of: Macro.VBA
C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Annexes\Carton GEPIM\bases à interger\exemple de bases 2\oui\menudragdrop\menudragdrop.mdb=>(Access Embedded)
Disinfection failed
C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Annexes\Carton GEPIM\bases à interger\exemple de bases 2\oui\menudragdrop\menudragdrop.mdb=>(Access Embedded)
Deleted
C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Annexes\Carton GEPIM\bases à interger\exemple de bases 2\oui\menudragdrop\menudragdrop.mdb
Update failed
C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Annexes\Carton GEPIM\bases à interger\wzsearch.zip=>wzSearch.mda=>(Access Embedded)
Suspected of: Macro.VBA
C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Annexes\Carton GEPIM\bases à interger\wzsearch.zip=>wzSearch.mda=>(Access Embedded)
Disinfection failed
C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Annexes\Carton GEPIM\bases à interger\wzsearch.zip=>wzSearch.mda=>(Access Embedded)
Deleted
C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Annexes\Carton GEPIM\bases à interger\wzsearch.zip=>wzSearch.mda
Update failed
C:\Program Files\ESET\infected\2VT3Z5BA.NQF=>(Quarantine-PE)
Infected with: Trojan.Clicker.Agent.NP
C:\Program Files\ESET\infected\2VT3Z5BA.NQF=>(Quarantine-PE)
Disinfection failed
C:\Program Files\ESET\infected\2VT3Z5BA.NQF=>(Quarantine-PE)
Deleted
C:\Program Files\ESET\infected\422O5LCA.NQF=>(Quarantine-PE)
Infected with: Trojan.Downloader.Agent.ECZ
C:\Program Files\ESET\infected\422O5LCA.NQF=>(Quarantine-PE)
Disinfection failed
C:\Program Files\ESET\infected\422O5LCA.NQF=>(Quarantine-PE)
Deleted
C:\Program Files\ESET\infected\4HVUIPDA.NQF=>(Quarantine-PE)
Infected with: Trojan.Vundo.DNR
C:\Program Files\ESET\infected\4HVUIPDA.NQF=>(Quarantine-PE)
Disinfection failed
C:\Program Files\ESET\infected\4HVUIPDA.NQF=>(Quarantine-PE)
Deleted
C:\Program Files\ESET\infected\HDLXL2CA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Downloader.Purityscan.EN
C:\Program Files\ESET\infected\HDLXL2CA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
Disinfection failed
C:\Program Files\ESET\infected\HDLXL2CA.NQF=>(Quarantine-PE)=>(NSIS o)=>zlib_nsis0002
Deleted
C:\Program Files\ESET\infected\HDLXL2CA.NQF=>(Quarantine-PE)=>(NSIS o)
Update failed
C:\Program Files\ESET\infected\HXPOMKCA.NQF=>(Quarantine-PE)
Infected with: Trojan.Fotomoto.E
C:\Program Files\ESET\infected\HXPOMKCA.NQF=>(Quarantine-PE)
Disinfection failed
C:\Program Files\ESET\infected\HXPOMKCA.NQF=>(Quarantine-PE)
Deleted
C:\Program Files\ESET\infected\P0RWDDBA.NQF=>(Quarantine-PE)
Infected with: Trojan.Vundo.DNR
C:\Program Files\ESET\infected\P0RWDDBA.NQF=>(Quarantine-PE)
Disinfection failed
C:\Program Files\ESET\infected\P0RWDDBA.NQF=>(Quarantine-PE)
Deleted
C:\Program Files\ESET\infected\UL4LHPBA.NQF=>(Quarantine-PE)
Infected with: Trojan.Fotomoto.E
C:\Program Files\ESET\infected\UL4LHPBA.NQF=>(Quarantine-PE)
Disinfection failed
C:\Program Files\ESET\infected\UL4LHPBA.NQF=>(Quarantine-PE)
Deleted
C:\Program Files\ESET\infected\WYNBIUBA.NQF
Infected with: Trojan.Downloader.JS.CR
C:\Program Files\ESET\infected\WYNBIUBA.NQF
Disinfection failed
C:\Program Files\ESET\infected\WYNBIUBA.NQF
Deleted
C:\Program Files\ESET\infected\XLEZLLCA.NQF=>(Quarantine-PE)
Infected with: Trojan.Fotomoto.E
C:\Program Files\ESET\infected\XLEZLLCA.NQF=>(Quarantine-PE)
Disinfection failed
C:\Program Files\ESET\infected\XLEZLLCA.NQF=>(Quarantine-PE)
Deleted
C:\Program Files\ESET\infected\YGAG5KCA.NQF=>(Quarantine-PE)
Infected with: Trojan.Fotomoto.E
C:\Program Files\ESET\infected\YGAG5KCA.NQF=>(Quarantine-PE)
Disinfection failed
C:\Program Files\ESET\infected\YGAG5KCA.NQF=>(Quarantine-PE)
Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqpq.dll.vir
Infected with: Generic.Virtumod.B8BCF5F6
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqpq.dll.vir
Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqpq.dll.vir
Deleted
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP186\A0064979.msi=>(Embedded CAB)=>oovooinst.exe
Infected with: Trojan.Generic.25641
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP186\A0064979.msi=>(Embedded CAB)=>oovooinst.exe
Disinfection failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP186\A0064979.msi=>(Embedded CAB)=>oovooinst.exe
Deleted
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP186\A0064979.msi=>(Embedded CAB)
Update failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP187\A0065054.rbf
Infected with: Trojan.Generic.25641
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP187\A0065054.rbf
Disinfection failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP187\A0065054.rbf
Deleted
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080894.dll
Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080894.dll
Disinfection failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080894.dll
Deleted
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080968.dll
Infected with: Trojan.Vundo.DNX
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080968.dll
Disinfection failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080968.dll
Deleted
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP243\A0081188.dll
Infected with: Generic.Virtumod.B8BCF5F6
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP243\A0081188.dll
Disinfection failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP243\A0081188.dll
Deleted
C:\upload_moi_TJ.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/ssqpq.dll.vir
Infected with: Generic.Virtumod.B8BCF5F6
C:\upload_moi_TJ.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/ssqpq.dll.vir
Disinfection failed
C:\upload_moi_TJ.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/ssqpq.dll.vir
Deleted
C:\upload_moi_TJ.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_TJ.tar.gz
Updated
C:\VundoFix Backups\ahymhoxu.dll.bad
Infected with: Trojan.Vundo.DNX
C:\VundoFix Backups\ahymhoxu.dll.bad
Disinfection failed
C:\VundoFix Backups\ahymhoxu.dll.bad
Deleted
Disinfection failed
C:\Program Files\ESET\infected\XLEZLLCA.NQF=>(Quarantine-PE)
Deleted
C:\Program Files\ESET\infected\YGAG5KCA.NQF=>(Quarantine-PE)
Infected with: Trojan.Fotomoto.E
C:\Program Files\ESET\infected\YGAG5KCA.NQF=>(Quarantine-PE)
Disinfection failed
C:\Program Files\ESET\infected\YGAG5KCA.NQF=>(Quarantine-PE)
Deleted
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqpq.dll.vir
Infected with: Generic.Virtumod.B8BCF5F6
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqpq.dll.vir
Disinfection failed
C:\qoobox\Quarantine\C\WINDOWS\system32\ssqpq.dll.vir
Deleted
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP186\A0064979.msi=>(Embedded CAB)=>oovooinst.exe
Infected with: Trojan.Generic.25641
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP186\A0064979.msi=>(Embedded CAB)=>oovooinst.exe
Disinfection failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP186\A0064979.msi=>(Embedded CAB)=>oovooinst.exe
Deleted
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP186\A0064979.msi=>(Embedded CAB)
Update failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP187\A0065054.rbf
Infected with: Trojan.Generic.25641
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP187\A0065054.rbf
Disinfection failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP187\A0065054.rbf
Deleted
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080894.dll
Infected with: Trojan.Vundo.DNR
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080894.dll
Disinfection failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080894.dll
Deleted
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080968.dll
Infected with: Trojan.Vundo.DNX
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080968.dll
Disinfection failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP241\A0080968.dll
Deleted
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP243\A0081188.dll
Infected with: Generic.Virtumod.B8BCF5F6
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP243\A0081188.dll
Disinfection failed
C:\System Volume Information\_restore{B3BF5352-B406-412E-936E-A9436F19C528}\RP243\A0081188.dll
Deleted
C:\upload_moi_TJ.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/ssqpq.dll.vir
Infected with: Generic.Virtumod.B8BCF5F6
C:\upload_moi_TJ.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/ssqpq.dll.vir
Disinfection failed
C:\upload_moi_TJ.tar.gz=>upload_moi.tar=>qoobox/Quarantine/C/WINDOWS/system32/ssqpq.dll.vir
Deleted
C:\upload_moi_TJ.tar.gz=>upload_moi.tar
Updated
C:\upload_moi_TJ.tar.gz
Updated
C:\VundoFix Backups\ahymhoxu.dll.bad
Infected with: Trojan.Vundo.DNX
C:\VundoFix Backups\ahymhoxu.dll.bad
Disinfection failed
C:\VundoFix Backups\ahymhoxu.dll.bad
Deleted
Logfile of HijackThis v1.99.1
Scan saved at 18:10:07, on 25/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\Program Files\Dragon Systems\NaturallySpeaking_last\Program\web_ie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [44e72ee4] rundll32.exe "C:\WINDOWS\system32\hacxgrsq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
Hi again,
Check and fix these entries with HijackThis:
O4 - HKLM\..\Run: [44e72ee4] rundll32.exe "C:\WINDOWS\system32\hacxgrsq.dll",b
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
How to fix:
Usage tutorial (video):
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
For hacxgrsq.dll:
we'll just fix the line for now; you shouldn't get the message any more after that.
Then:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:
• Restart your computer.
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key repeatedly (one press per second).
• Instead of Windows loading normally, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy and paste the contents of Report.txt into your next reply on the forum.
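The kind of entries singled out in the reply above can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original thread and not HijackThis's own logic; the two heuristics (an 8-hex-digit Run value name that loads a DLL through rundll32, and cross-checking a "file missing" marker against the running-process list) and every function name are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r'''Running processes:
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\rundll32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [44e72ee4] rundll32.exe "C:\WINDOWS\system32\hacxgrsq.dll",b
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
'''

ENTRY_RE = re.compile(r'^([ORF]\d{1,2}) - (.+)$')                  # "O4 - <body>"
RUN_RE = re.compile(r'^HK\w+\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$')   # value name, command
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,\s*\S+', re.I)
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.I)                   # assumed heuristic
MISSING_RE = re.compile(r'\((?:file missing|no file)\)\s*$')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')


def parse_log(text):
    """Return (set of lower-cased running-process paths, list of (code, body) entries)."""
    processes, entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith('running processes'):
            in_procs = True
        elif in_procs and line:
            processes.add(line.lower())
    return processes, entries


def triage(text):
    """Return a list of (kind, code, detail) findings for a HijackThis log."""
    processes, entries = parse_log(text)
    findings = []
    for code, body in entries:
        if code == 'O4':
            run = RUN_RE.match(body)
            dll = RUNDLL_RE.match(run.group(2)) if run else None
            # A vendor autorun normally has a readable value name; a bare
            # 8-hex-digit name loading a DLL via rundll32 deserves a closer look.
            if dll and HEX_NAME_RE.match(run.group(1)):
                findings.append(('suspicious-autorun', code, dll.group(1)))
        missing = MISSING_RE.search(body)
        if missing:
            # The target is the last " - " field; drop anything after a stray quote.
            target = body[:missing.start()].rsplit(' - ', 1)[-1]
            path = target.split('"')[0].strip().lower()
            if path and path in processes:
                # The log contradicts itself: the file is listed as running.
                findings.append(('missing-but-running', code, path))
            else:
                clsid = CLSID_RE.search(body)
                detail = path or (clsid.group(0) if clsid else body)
                findings.append(('orphan', code, detail))
    return findings


if __name__ == '__main__':
    for kind, code, detail in triage(SAMPLE_LOG):
        print(f'{kind:22} {code:4} {detail}')
```

On the sample, the NVIDIA rundll32 autorun is left alone, while the MSSQL$PINNACLESYS service is reported as "missing-but-running" rather than as an orphan because the same executable appears under Running processes.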
SDFix: Version 1.112
Run by Tarik on 25/10/2007 at 19:29
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Tarik\Bureau\bibi\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\tsitra1044.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Call"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Tarik\Bureau\bibi\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 23 Oct 2007 6,505 ..SH. --- "C:\WINDOWS\system32\tstwa.bak1"
Wed 24 Oct 2007 487,241 ..SH. --- "C:\WINDOWS\system32\tstwa.bak2"
Fri 19 Oct 2007 17,504,768 ...H. --- "C:\Documents and Settings\Tarik\Bureau\~WRL0001.tmp"
Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Tue 21 Dec 2004 16,384 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 20 Jan 2005 11,344 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Tue 17 Feb 1998 201 A.SHR --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Phone\PHONE.596\CCONTROL.SYS"
Sat 24 Aug 1996 32,256 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\Accessoires\mspcx32.dll"
Sat 24 Aug 1996 22,016 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\CCDIALER.EXE"
Sat 24 Aug 1996 13,312 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\CCEI.DLL"
Sat 24 Aug 1996 14,336 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\CCPSH.DLL"
Sat 24 Aug 1996 68,096 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\ENGCT.EXE"
Sat 24 Aug 1996 129,536 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\GUIDE.EXE"
Sat 24 Aug 1996 149,504 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\MOSCOMP.DLL"
Sat 24 Aug 1996 69,632 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\MOSCP.EXE"
Sat 24 Aug 1996 88,064 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\MPCCL.DLL"
Sat 24 Aug 1996 20,480 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\Accessoires\HyperTerminal\hticons.dll"
Sat 24 Aug 1996 331,776 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\Accessoires\HyperTerminal\hypertrm.dll"
Finished!
Run by Tarik on 25/10/2007 at 19:29
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Tarik\Bureau\bibi\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\tsitra1044.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Call"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Messenger"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Tarik\Bureau\bibi\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 23 Oct 2007 6,505 ..SH. --- "C:\WINDOWS\system32\tstwa.bak1"
Wed 24 Oct 2007 487,241 ..SH. --- "C:\WINDOWS\system32\tstwa.bak2"
Fri 19 Oct 2007 17,504,768 ...H. --- "C:\Documents and Settings\Tarik\Bureau\~WRL0001.tmp"
Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Tue 21 Dec 2004 16,384 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setup.dll"
Thu 20 Jan 2005 11,344 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Tue 17 Feb 1998 201 A.SHR --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Phone\PHONE.596\CCONTROL.SYS"
Sat 24 Aug 1996 32,256 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\Accessoires\mspcx32.dll"
Sat 24 Aug 1996 22,016 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\CCDIALER.EXE"
Sat 24 Aug 1996 13,312 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\CCEI.DLL"
Sat 24 Aug 1996 14,336 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\CCPSH.DLL"
Sat 24 Aug 1996 68,096 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\ENGCT.EXE"
Sat 24 Aug 1996 129,536 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\GUIDE.EXE"
Sat 24 Aug 1996 149,504 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\MOSCOMP.DLL"
Sat 24 Aug 1996 69,632 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\MOSCP.EXE"
Sat 24 Aug 1996 88,064 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\The Microsoft Network\MPCCL.DLL"
Sat 24 Aug 1996 20,480 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\Accessoires\HyperTerminal\hticons.dll"
Sat 24 Aug 1996 331,776 A..H. --- "C:\Documents and Settings\Tarik\Mes documents\PC Lyon\Création d'entreprise\Archives BDD GEPIM\Disque dur D\ANCIEN ORDINATEUR N60\Program Files\Accessoires\HyperTerminal\hypertrm.dll"
Finished!